what you don't know can hurt you

Fork CMS Local File Inclusion

Fork CMS Local File Inclusion
Posted Apr 18, 2013
Authored by Rafay Baloch

Fork CMS suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | f39098732c9f6a7ef2625e750394cdc5

Fork CMS Local File Inclusion

Change Mirror Download
==============================================================================
Fork-CMS Local File Inclusion:

Author: Rafay Baloch

Introduction:

Local file inclusion vulnerability occur when the include function is not
sanitized properl, LFI is classified under OWASP

Top10 under "A4 Insecure Direct Object References" also commonly known as a
form of "Directory traversal attack".

Impact:

Depending upon the scenario, If /etc/proc/environ file is accessible, LFI
could be used to
for uploading a shell/backdoor on to the server.
If /proc/environ file is not accessible, LFI can be combined with Log file
inclusion to acheieve a RCE (Remote code

execution upon the server"

Proof OF Concept:

The url below would be displaying the contents of /etc/passwd file, the
password is shadowed and would be accesible under

/etc/shadow only under root priviledges, but still lfi gives a good attack
surface for an attacker.

http://www.fork-cms.com/frontend/js.php?

module=core&file=../../../../../../../../../../../../../../../../etc/passwd&language=en&m=1339527371


Mitigations:

https://www.owasp.org/index.php/A10_2004_Insecure_Configuration_Management
https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References

Comments (1)

RSS Feed Subscribe to this comment feed
diewy

This error was only applicable to the fork website itself, the CMS was never vulnerable. Thank you for reporting.

Dieter W.
Fork CMS

Comment by diewy
2013-04-19 09:51:43 UTC | Permalink | Reply
Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close