exploit the possibilities

Fork CMS Local File Inclusion

Fork CMS Local File Inclusion
Posted Apr 18, 2013
Authored by Rafay Baloch

Fork CMS suffers from a local file inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | f39098732c9f6a7ef2625e750394cdc5

Fork CMS Local File Inclusion

Change Mirror Download
==============================================================================
Fork-CMS Local File Inclusion:

Author: Rafay Baloch

Introduction:

Local file inclusion vulnerability occur when the include function is not
sanitized properl, LFI is classified under OWASP

Top10 under "A4 Insecure Direct Object References" also commonly known as a
form of "Directory traversal attack".

Impact:

Depending upon the scenario, If /etc/proc/environ file is accessible, LFI
could be used to
for uploading a shell/backdoor on to the server.
If /proc/environ file is not accessible, LFI can be combined with Log file
inclusion to acheieve a RCE (Remote code

execution upon the server"

Proof OF Concept:

The url below would be displaying the contents of /etc/passwd file, the
password is shadowed and would be accesible under

/etc/shadow only under root priviledges, but still lfi gives a good attack
surface for an attacker.

http://www.fork-cms.com/frontend/js.php?

module=core&file=../../../../../../../../../../../../../../../../etc/passwd&language=en&m=1339527371


Mitigations:

https://www.owasp.org/index.php/A10_2004_Insecure_Configuration_Management
https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References

Comments (1)

RSS Feed Subscribe to this comment feed
diewy

This error was only applicable to the fork website itself, the CMS was never vulnerable. Thank you for reporting.

Dieter W.
Fork CMS

Comment by diewy
2013-04-19 09:51:43 UTC | Permalink | Reply
Login or Register to post a comment

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    9 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close