 ____________________ ___ ___ ________
 \_ _____/\_ ___ \ / | \\_____ \
 | __)_ / \ \// ~ \/ | \
 | \\ \___\ Y / | \
 /_______ / \______ /\___|_ /\_______ /
 \/ \/ \/ \/


.OR.ID
ECHO_ADV_33$2006

---------------------------------------------------------------------------
[ECHO_ADV_33$2006] CMS Faethon 1.3.2 mainpath Remote File Inclusion
---------------------------------------------------------------------------

Author       : M.Hasran Addahroni a.k.a K-159
Date         : June 16th, 2006
Location     : Indonesia, Bali
Web          : http://advisories.echo.or.id/adv/adv33-K-159-2006.txt
Critical Lvl : Highly critical
Impact       : System access
Where        : From Remote
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CMS Faethon

Application : CMS Faethon
Version     : 1.3.2
URL         : http://cmsfaethon.com/
Description :

CMS Faethon is a content management system for different web pages.

---------------------------------------------------------------------------

Vulnerability:
~~~~~~~~~~~~~~~

In the folder data we found the vulnerable script header.php.

-----------------------header.php-----------------------
....
<?php
include($mainpath . 'survey.php');
?>
<h2>RSS - cmsfaethon.com</h2>
<div class="rss-menu">
<?php
$source = 'http://cmsfaethon.com/feed/articles/rss2.php?LangSet=cs';
include($mainpath . 'rss-reader.php');
?>
...
----------------------------------------------------------

The variable $mainpath is not properly sanitized. When register_globals=on and allow_url_fopen=on an attacker can exploit
this vulnerabi
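A hardened version of the include pattern from header.php, added here as an example (this is not CMS Faethon's own code). It assumes the two include names shown above, survey.php and rss-reader.php, and introduces a hypothetical helper includeLocal(); the point is that $mainpath is derived from the script's own location and never from request input, so register_globals cannot seed it and allow_url_fopen has nothing to fetch.

```php
<?php
// Hardened form of the include pattern in header.php (added example, not the
// project's code). $mainpath is set from this file's directory instead of being
// left undefined for register_globals to fill from the request.
$mainpath = dirname(__FILE__) . DIRECTORY_SEPARATOR;

// Only these files may be pulled in by header.php (names taken from the
// vulnerable snippet; the allow-list itself is an assumption of this example).
$allowedIncludes = array('survey.php', 'rss-reader.php');

// Hypothetical helper: include $name only if it is on the allow-list and
// resolves to a file inside $mainpath. Returns true on success, false if refused.
function includeLocal($mainpath, $allowedIncludes, $name)
{
    // Reject anything not explicitly allowed before touching the filesystem;
    // this alone blocks remote URLs and ../ traversal.
    if (!in_array($name, $allowedIncludes, true)) {
        trigger_error("refused include of '$name'", E_USER_WARNING);
        return false;
    }

    // Belt and braces: realpath() returns false for missing files and resolves
    // symlinks, and the resolved path must stay under $mainpath.
    $base = realpath($mainpath);
    $full = realpath($mainpath . $name);
    if ($base === false || $full === false
        || strpos($full, $base . DIRECTORY_SEPARATOR) !== 0) {
        trigger_error("refused include outside mainpath: '$name'", E_USER_WARNING);
        return false;
    }

    include $full;
    return true;
}

includeLocal($mainpath, $allowedIncludes, 'survey.php');
?>
<h2>RSS - cmsfaethon.com</h2>
<div class="rss-menu">
<?php
$source = 'http://cmsfaethon.com/feed/articles/rss2.php?LangSet=cs';
includeLocal($mainpath, $allowedIncludes, 'rss-reader.php');
?>
```

Independently of the code change, setting register_globals=Off in php.ini removes the request-to-variable path the advisory relies on, and should be done on any host still running this version.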