1 #####################################################################################
2 # #
3 # r0ut3r Presents... #
4 # #
5 # Another r0ut3r discovery! #
6 # #
7 # ContentNow 1.30 Local File Include & Arbitrary File Upload/Delete Vulnerabilities #
8 # #
9 #####################################################################################
10 # #
11 # Software: ContentNow 1.30 Vulnerabilities #
12 # #
13 # Vendor: http://www.contentnow.mf4k.de/ #
14 # #
15 # Released: 2006/11/13 #
16 # #
17 # Discovered By: r0ut3r (writ3r [at] gmail.com) #
18 # #
19 # Criticality: Highly critical #
20 # #
21 #####################################################################################
22
23 Local file inclusion vulnerability
24 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
25
26 Vuln code:
27 −−−−−−−−−−
28 33 // get/set language
29 34 $setLang= (empty ($_GET[’lang’])) ? $c