Re: Plume CMS <= 1.1.10 [prepend.php] Remote File Include Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



D3nGeR@xxxxxxxxx wrote:
Vendor: Plume CMS 1.1.10

Found By : D3nGeR

Scripit Site : http://plume-cms.net



in file [prepend.php]



;

include_once $_PX_config['manager_path'].'/inc/class.config.php'



code

http://site.com/[path]manager/frontinc/prepend.php?_PX_config[manager_path]=[shell code ]


You can't call prepend.php in that path directly, it's protected by:

  if (basename($_SERVER['SCRIPT_NAME']) == 'prepend.php') exit;

In config.php $_PX_config[manager_path] is explicitly set.. And while not included in prepend.php, that file is included in others before access, so there is no vulnerability..

--
Craig Morrison
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
http://pse.2cah.com
  Controlling pseudoephedrine purchases.

http://www.mtsprofessional.com/
  A Win32 email server that works for You.

[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux