Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Full-disclosure] ContentServ features remote file disclosure

Date: Sun Sep 25 2005 - 09:20:55 CDT

--[ ContentServ (still) features remote reading of arbitrary files ]--
-------------------------[ qobaiashigmx.net ]------------------------

/* Boring PHP bug warning:
 * """"""""""""""""""""""""""""""
 * By reading boring PHP bug advisories it is possible to
 * fall asleep (if not affected) instantly w/o a warning!
 * I told you, it's your decision now.

ContentServ is a cms developed by ... ContentServ.de and is a quite
commonly used cms system at least in .de.

Some months ago while pentesting www.contentserv.com i've found a bug
(yo alex i rooted you back then but somehow you didn't need sec support)
in ContentServ 3.1. which - to my surprise - is still accessible on some
installations. Somebody should have read the apache logs over there ;)
I had some fun with it (the bug and your server) back then.

The bug resides in /admin/about.php:

This boils down to a damn stupid:


to give you some informations.

Disclosure timeline:

Bug found: 2004
Bug disclosed: Son Sep 25 16:04:40 CEST 2005
Bug fixed: ask your vendor

have fun.
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/