Re: PHMe CMS 0.0.2 local File Include Vulnerabilitiy

---

• From: BlackHawk <hawkgotyou@xxxxxxxxx>
• Date: Mon, 23 Jul 2007 18:57:44 +0200

---

Hello h4ck3riran,

looks like you need mq=off to make this attack..
and this is quite impossible a tthe time because is defailt on..

Monday, July 23, 2007, 4:04:41 PM, you wrote:

# Tilte: PHMe CMS 0.0.2 local File Include Vulnerabilitiy

# <www.Aria-security.Com For English >
# <www.Aria-Security.net For Persian >
# < Author: You_You >
# < Software: PHMe CMS >
# < Site Script: http://sourceforge.net/projects/phme >

proof Of Concept :

www.example.com/[path]/resources/function_list.php?action=[Local Script]%00

--
Best regards,
BlackHawk mailto:hawkgotyou@xxxxxxxxx

---

• References:
  • PHMe CMS 0.0.2 local File Include Vulnerabilitiy
    • From: h4ck3riran

• Prev by Date: n.runs-SA-2007.021 - Norman Antivirus LZH parsing Arbitrary Code Execution Advisory
• Next by Date: [Aria-Security] Image Racer SearchResults.asp SQL INJECTION vuln.
• Previous by thread: PHMe CMS 0.0.2 local File Include Vulnerabilitiy
• Next by thread: n.runs-SA-2007.021 - Norman Antivirus LZH parsing Arbitrary Code Execution Advisory
• Index(es):
  • Date
  • Thread

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2007-07