You can't call prepend.php in that path directly, it's protected by:
if (basename($_SERVER['SCRIPT_NAME']) == 'prepend.php') exit;
In config.php $_PX_config[manager_path] is explicitly set.. And while
not included in prepend.php, that file is included in others before
access, so there is no vulnerability..
> Vendor: Plume CMS 1.1.10
>
> Found By : D3nGeR
>
> Scripit Site : http://plume-cms.net
>
>
>
> in file [prepend.php]
>
>
>
> ;
>
> include_once $_PX_config['manager_path'].'/inc/class.config.php'
>
>
>
> code
>
> http://site.com/[path]manager/frontinc/prepend.php?_PX_config[manager_pa
th]=[shell code ]
>
You can't call prepend.php in that path directly, it's protected by:
if (basename($_SERVER['SCRIPT_NAME']) == 'prepend.php') exit;
In config.php $_PX_config[manager_path] is explicitly set.. And while
not included in prepend.php, that file is included in others before
access, so there is no vulnerability..
--
Craig Morrison
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
http://pse.2cah.com
Controlling pseudoephedrine purchases.
http://www.mtsprofessional.com/
A Win32 email server that works for You.
[ reply ]