[VIM] 60cycleCMS <= 2.5.0 Remote File Include Exploit
George A. Theall
theall at tenablesecurity.com
Tue Dec 22 19:33:29 UTC 2009
With a bit of encouragement from Steve...
Exploit DB's #10551 looks bogus to me. PoC is:
[60cycleCMS_path]/common/sqlConnect.php?DOCUMENT_ROOT=[SHELL
DIRECTORY]/something
Code snippet from 2.5.0, which is supposedly affected:
// include your sql info file here
$root = $_SERVER['DOCUMENT_ROOT'];
require "$root/../config.php";
$_SERVER is one of those predefined variables in PHP and contains
server and execution environment info. As far as I know, a remote
attacker can't override it, least not by passing in something through
a 'DOCUMENT_ROOT' parameter.
George
--
theall at tenablesecurity.com
More information about the VIM
mailing list