==============================================================================
Fork-CMS Local File Inclusion:

Author: Rafay Baloch

Introduction:

A local file inclusion (LFI) vulnerability occurs when the input passed to the include function is not sanitized properly. LFI is classified in the OWASP Top 10 under "A4 Insecure Direct Object References" and is also commonly known as a form of "directory traversal attack".

Impact:

Depending upon the scenario, if the /etc/proc/environ file is accessible, LFI could be used for uploading a shell/backdoor onto the server. If the /proc/environ file is not accessible, LFI can be combined with log file inclusion to achieve RCE (remote code execution) upon the server.

Proof of Concept:

The URL below displays the contents of the /etc/passwd file. The password is shadowed and would be accessible under /etc/shadow only with root privileges, but LFI still gives a good attack surface for an attacker.

http://www.fork-cms.com/frontend/js.php?module=core&file=../../../../../../../../../../../../../../../../etc/passwd&language=en&m=1339527371

Mitigations:

https://www.owasp.org/index.php/A10_2004_Insecure_Configuration_Management
https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References
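
One way to confine a user-supplied module/file pair like the one in the request above, as an added example (not Fork CMS code and not part of the original advisory). The function name resolveAsset, the modules/<module>/js/ layout and the sample files are assumptions made for illustration.

```php
<?php
// Added example: hypothetical resolver, not Fork CMS code.
// Maps a user-supplied module/file pair to a path that must stay inside
// a fixed base directory; returns null whenever it would escape.
function resolveAsset(string $baseDir, string $module, string $file): ?string
{
    // Module names are identifiers, so allow-list their characters.
    if (!preg_match('/\A[a-z0-9_]+\z/i', $module)) {
        return null;
    }
    // NUL bytes never belong in a file name.
    if (strpos($file, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false if the target is missing.
    $real = realpath(implode(DIRECTORY_SEPARATOR, [$base, $module, 'js', $file]));
    if ($real === false) {
        return null;
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as "/base-evil" cannot pass as being inside "/base".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // This endpoint only ever serves JavaScript.
    return strtolower(pathinfo($real, PATHINFO_EXTENSION)) === 'js' ? $real : null;
}

// Constructed sandbox: one legitimate asset, one file outside the base.
$root = sys_get_temp_dir() . '/lfi_demo_' . bin2hex(random_bytes(4));
mkdir("$root/modules/core/js", 0700, true);
file_put_contents("$root/modules/core/js/utils.js", '/* demo */');
file_put_contents("$root/secret.txt", 'outside base');

$cases = [ // constructed inputs
    ['core', 'utils.js'],
    ['core', '../../../secret.txt'],
    ['core', '../../../../../../../../etc/passwd'],
    ['../..', 'secret.txt'],
];
foreach ($cases as [$m, $f]) {
    $r = resolveAsset("$root/modules", $m, $f);
    printf("%-6s %-36s => %s\n", $m, $f, $r === null ? 'rejected' : 'served');
}
```

The check runs on the canonical path returned by realpath(), not on the raw parameter, so it does not depend on spotting "../" sequences in the input.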