Wonder CMS 2014:  	www.wondercms.com
By Ross Marks: 		www.rossmarks.co.uk

1. Password Disclosure
	The password is stored as an unsalted MD5 hash in /files/password, and that file can be requested directly.
	Recommendation: use .htaccess (on Apache) to disallow access to the folder.

2. Full path disclosure
	Change the password field to an array, then try to log in, i.e.
		<input type="password" name="password[]">
	The response discloses the full path:
		"Warning: md5() expects parameter 1 to be string, array given in /full/path/to/index.php on line 135"
	
3. XSS
	When editing the page, you can just put <script>alert(1);</script> or use a broken image: <img src="x" onerror="alert(1);" />
	This also works for all settings values (navigation, title, description, keywords & copyright), since none of them are encoded on output.
	
4. LFI
	Edit the theme selector: set value="<include path>" and change "<select onchange=" to "<select onclick=",
	then simply click the select box.
	This is a flaw in index.php, which contains the code:
		require("themes/".$c['themeSelect']."/theme.php");
		
5. RFI
	http://www.target.com/wondercms/js/editInplace.php?hook=<file to include>
	The issue is in editInplace.php, which contains the following code (line 17):
		<?php if(isset($_REQUEST['hook']))include($_REQUEST['hook']); ?>
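
Added example, not part of the original advisory and not WonderCMS code: one way to replace the require() in item 4 and the include() in item 5 with a lookup that only resolves plain names to files inside a fixed directory. The helper resolve_inside(), the hooks/ directory and the sample inputs are assumptions made for the demo.

```php
<?php
// Added example: allowlist-style include resolution (not WonderCMS code).
// Assumed layout: themes/<name>/theme.php and hooks/<name>.php ("hooks/" is hypothetical).

/**
 * Return the real path of $base/$name$suffix only if $name is a plain
 * identifier and the resolved file stays inside $base; otherwise null.
 */
function resolve_inside(string $base, $name, string $suffix): ?string
{
    // Reject arrays and other non-string input before any string function sees it.
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        return null;
    }
    $baseReal = realpath($base);
    $target   = realpath($base . '/' . $name . $suffix);
    if ($baseReal === false || $target === false) {
        return null; // base or target does not exist on disk
    }
    // The resolved path (symlinks followed) must still be under the base directory.
    $prefix = $baseReal . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return is_file($target) ? $target : null;
}

// Constructed demo tree: one theme and one hook in a temporary directory.
$root = sys_get_temp_dir() . '/wcms_demo_' . bin2hex(random_bytes(4));
mkdir("$root/themes/default", 0700, true);
mkdir("$root/hooks", 0700, true);
file_put_contents("$root/themes/default/theme.php", "<?php echo \"theme ok\\n\";");
file_put_contents("$root/hooks/save.php", "<?php echo \"hook ok\\n\";");

// In place of: require("themes/".$c['themeSelect']."/theme.php");
// Constructed inputs: a valid name, a traversal string, an array.
foreach (['default', '../../etc', ['x']] as $themeSelect) {
    $path = resolve_inside("$root/themes", $themeSelect, '/theme.php')
         ?? resolve_inside("$root/themes", 'default', '/theme.php'); // fall back to default
    require $path;
}

// In place of: include($_REQUEST['hook']);
// Constructed inputs: a valid hook name and a URL, which the name pattern rejects.
foreach (['save', 'http://example.invalid/x.txt'] as $hook) {
    $path = resolve_inside("$root/hooks", $hook, '.php');
    if ($path === null) { echo "hook rejected\n"; continue; }
    include $path;
}
```

Keeping allow_url_include disabled in php.ini is a second layer for item 5, but the name check is what removes the attacker-controlled path.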