Fork CMS Local File Inclusion

2013.04.19
Credit: Rafay Baloch
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-98

==============================================================================
Fork-CMS Local File Inclusion:

Author: Rafay Baloch

Introduction:

A local file inclusion (LFI) vulnerability occurs when the input passed to an include function is not properly sanitized. LFI is classified in the OWASP Top 10 under "A4 Insecure Direct Object References" and is also commonly known as a form of "directory traversal attack".

Impact:

Depending upon the scenario, if the /etc/proc/environ file is accessible, LFI could be used to upload a shell/backdoor onto the server. If the /proc/environ file is not accessible, LFI can be combined with log file inclusion to achieve RCE (remote code execution) on the server.

Proof of Concept:

The URL below displays the contents of the /etc/passwd file. The password is shadowed and would be accessible under /etc/shadow only with root privileges, but LFI still gives an attacker a good attack surface.

http://www.fork-cms.com/frontend/js.php?module=core&file=../../../../../../../../../../../../../../../../etc/passwd&language=en&m=1339527371

Mitigations:

https://www.owasp.org/index.php/A10_2004_Insecure_Configuration_Management
https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References
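A containment check for a handler that takes `module` and `file` parameters like the URL above, as an added example (not Fork CMS's code and not the author's fix). The function name `resolve_module_js` and the `<root>/<module>/js` directory layout are assumptions, and the sample tree and requests are constructed.

```php
<?php
// Added example: hypothetical asset resolver, not Fork CMS's js.php.
// Returns the canonical path of a requested .js file, or null if the
// request would leave the module's js directory.
function resolve_module_js(string $root, string $module, string $file): ?string
{
    // Module names are identifiers, never paths.
    if (!preg_match('/^[a-z0-9_]+$/i', $module)) {
        return null;
    }
    $base = realpath($root . '/' . $module . '/js');
    if ($base === false) {
        return null;
    }
    // realpath() collapses ../ sequences and symlinks; false if missing.
    $path = realpath($base . '/' . $file);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment: the canonical path must stay under the base directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Only the expected file type is served.
    if (strtolower(pathinfo($path, PATHINFO_EXTENSION)) !== 'js') {
        return null;
    }
    return $path;
}

// Constructed sample tree so the example runs offline.
$root = sys_get_temp_dir() . '/lfi_demo_' . getmypid();
mkdir($root . '/core/js', 0700, true);
file_put_contents($root . '/core/js/utils.js', "// demo\n");

$requests = [
    ['core', 'utils.js'],                            // legitimate request
    ['core', str_repeat('../', 16) . 'etc/passwd'],  // traversal in file
    ['../core', 'utils.js'],                         // traversal in module
];
foreach ($requests as [$module, $file]) {
    $path = resolve_module_js($root, $module, $file);
    echo $module, ' / ', $file, ' => ', $path === null ? 'rejected' : 'served', "\n";
    // A real handler would readfile($path) here, never include/require it.
}
```

Only the first request resolves to a path; the other two are rejected before any file is opened.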

References:

https://www.owasp.org/index.php/A10_2004_Insecure_Configuration_Management
https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References


Copyright 2024, cxsecurity.com