CMS Faethon 1.3.2 mainpath Remote File Inclusion Vulnerability.pdf

1 ____________________ ___ ___ ________ 2 \_ _____/\_ ___ \ / | \\_____ \ 3 | __)_ / \ \// ~ \/ | \ 4 | \\ \___\ Y / | \ 5 /_______ / \______ /\___|_ /\_______ / 6 \/ \/ \/ \/ 7 8 .OR.ID 9 ECHO_ADV_33$2006 10 11 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 12 [ECHO_ADV_33$2006] CMS Faethon 1.3.2 mainpath Remote File Inclusion 13 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 14 15 Author : M.Hasran Addahroni a.k.a K−159 16 Date : June, 16th 2006 17 Location : Indonesia, Bali 18 Web : http://advisories.echo.or.id/adv/adv33−K−159−2006.txt 19 Critical Lvl : Highly critical 20 Impact : System access 21 Where : From Remote 22 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 23 24 Affected software description: 25 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 26 CMS Faethon 27 28 Application : CMS Faethon 29 version : 1.3.2 30 URL : http://cmsfaethon.com/ 31 Description : 32 33 CMS Faethon is content management system for different web pages. 34 35 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 36 37 Vulnerability: 38 ~~~~~~~~~~~~~~~ 39 40 in folder data we found vulnerability script header.php. 41 42 −−−−−−−−−−−−−−−−−−−−−−−header.php−−−−−−−−−−−−−−−−−−−−−− 43 .... 44 <?php 45 include($mainpath . ’survey.php’); 46 ?> 47 <h2>RSS − cmsfaethon.com</h2> 48 <div class="rss−menu"> 49 <?php 50 $source = ’http://cmsfaethon.com/feed/articles/rss2.php?LangSet=cs’; 51 include($mainpath . ’rss−reader.php’); 52 ?> Page 1/2 CMS Faethon 1.3.2 mainpath Remote File Inclusion Vulnerability K−159 06/16/2006 53 ... 54 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 55 56 Variables $mainpath are not properly sanitized.When register_globals=on and allow_fopenurl=on an attacker can exploit this vulnerabi