Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

JGI CMS 1.0 Script Source Code Disclosure

🗓️ 11 Sep 2017 00:00:00Reported by RenziType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 46 Views

JGI CMS 1.0 Script Source Code Disclosure, High Severity, Remote Exploitatio

Code
`Title:  
=======  
JGI CMS - Script Source Code Disclosure  
  
Introduction:  
==============  
A content management system (CMS) is a computer application that supports the creation and modification of digital content.   
It is often used to support multiple users working in a collaborative environment.  
CMS features vary widely. Most CMSs include Web-based publishing, format management, history editing and version control, indexing, search, and retrieval.   
By their nature, content management systems support the separation of content and presentation.  
  
Vulnerability Disclosure:  
==========================  
2017-09-10: Public Disclosure  
  
Affected Product(s):  
=====================  
JGI CMS 1.0  
  
Exploitation Technique:  
========================  
Remote  
  
Severity Level:  
================  
High  
  
Technical Details & Description:  
=================================  
A Source Code Disclosure vulnerability has been discovered in the JCI CMS web-application.  
The vulnerability is located in the 'arquivo' parameter of the`dl.php` action GET method request.  
  
Request Method(s):  
  
[+] GET  
  
Vulnerable Function(s):  
  
[+] dl.php  
  
Vulnerable Parameter(s):  
  
[+] arquivo  
  
Proof of Concept (PoC):  
========================  
It is possible to read the source code of this script by using script filename as a parameter.   
It seems that this script includes a file which name is determined using user-supplied data.   
This data is not properly validated before being passed to the include function.  
  
[+] http://www.abq.org.br/dl.php?arquivo=dl.php  
  
Solution   
=========  
For starters, programmers should be trained to validate user input from browsers.   
Input validation ensures that attackers cannot use commands that leave the root directory or violate other access privileges.   
Beyond this, filters can be used to block certain user input.   
Enterprises typically employ filters to block URLs containing commands and escape codes that are commonly used by attackers.   
Additionally, web server software (and any software that is used) should be kept up-to-date with current patches.   
Regularly patching software is a critical practice for reducing security risk, as software patches typically contain security fixes.  
  
Credits  
========  
Felipe "Renzi" Gabriel  
  
Contact  
========  
[email protected]  
  
References  
==========  
https://www.acunetix.com/vulnerabilities/web/script-source-code-disclosure  
https://www.veracode.com/security/directory-traversal  
https://en.wikipedia.org/wiki/Content_management_system  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
11 Sep 2017 00:00Current
7.4High risk
Vulners AI Score7.4
content management systemweb-based publishingversion controlsource code disclosureuser input validationsecurity riskpatching softwarefelipe gabriel
46