ContentServ CMS remote file reading vulnerability in /admin/about.ph
`----------------------------------------------------------------------
--[ ContentServ (still) features remote reading of arbitrary files ]--
-------------------------[ [email protected] ]------------------------
/* Boring PHP bug warning:
* """"""""""""""""""""""""""""""
* By reading boring PHP bug advisories it is possible to
* fall asleep (if not affected) instantly w/o a warning!
*
* I told you, it's your decision now.
*/
ContentServ is a CMS developed by ... ContentServ.de and is quite a
commonly used CMS, at least in .de.
Some months ago while pentesting www.contentserv.com I found a bug
(yo alex i rooted you back then but somehow you didn't need sec support)
in ContentServ 3.1 which - to my surprise - is still accessible on some
installations. Somebody should have read the apache logs over there ;)
I had some fun with it (the bug and your server) back then.
The bug resides in /admin/about.php:
[...]
include("../$ctsWebsite/data/config.php");
[...]
This boils down to a damn stupid:
www.we-cant-design-our-hp.com/contentserv/3.1/admin/about.php?
ctsWebsite=../../../../../../../../../../etc/passwd%00
to give you some information.
-----------------------------
Disclosure timeline:
Bug found: 2004
Bug disclosed: Son Sep 25 16:04:40 CEST 2005
Bug fixed: ask your vendor
have fun.
-q
`
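An added example, not part of the original advisory: a log check for the request pattern described above, flagging hits on /admin/about.php whose ctsWebsite value contains directory traversal or a null byte. The log lines are constructed samples, and the rule that a legitimate ctsWebsite value is a plain directory name is an assumption.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request line of an Apache common/combined access log entry.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# Assumption: a legitimate ctsWebsite value is a plain directory name.
SAFE_SITE_RE = re.compile(r'[A-Za-z0-9_-]+')
# Constructed sample log lines (documentation IP ranges, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2005:16:10:01 +0200] "GET /contentserv/3.1/admin/about.php?ctsWebsite=../../../../etc/passwd%00 HTTP/1.1" 200 1832',
    '192.0.2.11 - - [25/Sep/2005:16:11:09 +0200] "GET /contentserv/3.1/admin/about.php?ctsWebsite=%252e%252e%252fdata HTTP/1.1" 404 210',
    '198.51.100.7 - - [25/Sep/2005:16:12:30 +0200] "GET /contentserv/3.1/admin/about.php?ctsWebsite=demo HTTP/1.1" 200 5120',
    '198.51.100.7 - - [25/Sep/2005:16:12:31 +0200] "GET /index.php?page=../x HTTP/1.1" 200 100',
]

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (%252e%252e -> %2e%2e -> ..)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (ip, status, reasons) for about.php hits with an unsafe ctsWebsite."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/admin/about.php"):
            continue
        for name, raw in parse_qsl(url.query, keep_blank_values=True):
            if name != "ctsWebsite":
                continue
            value = fully_decode(raw)  # parse_qsl already decoded one layer
            reasons = []
            if "\x00" in value:
                reasons.append("null byte")
            if ".." in value.replace("\\", "/").split("/"):
                reasons.append("path traversal")
            if not reasons and not SAFE_SITE_RE.fullmatch(value):
                reasons.append("unexpected characters")
            if reasons:
                hits.append((m.group("ip"), int(m.group("status")), reasons))
    return hits
```

The status code is kept in each hit so that requests answered with 200 can be triaged first. Access logs record only the query string, so a value delivered any other way would not appear here.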