u5CMS 3.9.3 – ‘thumb.php’ Local File Inclusion

• Exploit Database
• 16 阅读

• 作者： LiquidWorm
  日期： 2015-02-09
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/36028/

• 
  u5CMS 3.9.3 (thumb.php) Local File Inclusion Vulnerability
  
  
  Vendor: Stefan P. Minder
  Product web page: http://www.yuba.ch
  Affected version: 3.9.3 and 3.9.2
  
  Summary: u5CMS is a little, handy Content Management System for medium-sized
  websites, conference / congress / submission administration, review processes,
  personalized serial mails, PayPal payments and online surveys based on PHP and
  MySQL and Apache.
  
  Desc: u5CMS suffers from an authenticated file inclusion vulnerability (LFI) when
  input passed thru the 'f' parameter to thumb.php script is not properly verified
  before being used to include files. This can be exploited to include files from
  local resources with their absolute path and with directory traversal attacks.
  
  Tested on: Apache 2.4.10 (Win32)
   PHP 5.6.3
   MySQL 5.6.21
  
  
  Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic
  @zeroscience
  
  
  Advisory ID: ZSL-2015-5224
  Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5224.php
  
  
  29.12.2014
  
  ---
  
  
  GET /u5cms/thumb.php?w=100&f=..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\..\windows\win.ini HTTP/1.1
  GET /u5cms/thumb.php?w=100&f=/windows/win.ini HTTP/1.1