by r0t,der4444,cembo,VietMafia

Tuesday, November 15, 2005

iCMS "page" File Inclusion Vuln.

iCMS "page" File Inclusion Vuln.

author: r0t (hackers.by.lv)
Date 14 nov. 2005


software developer:http://www.cogilent.com/


Vuln Description:

Input passed to the "page" parameter in "index.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

Solution:
Edit the source code to ensure that input is properly verified.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew