LFI Vulnerability in 1024cms Admin Control Panel v1.1.0 Beta
============================================================

1024cms Admin Control Panel v1.1.0 Beta (Master-cPanel Package) - Local File Include Vulnerability
==================================================================================================
Software: 1024cms Admin Control Panel v1.1.0 Beta (master-cpanel package)
Vendor: http://1024cms.org/
Vuln Type: Local File Include
Remote: Yes
Local: No
Discovered by: QSecure and Demetris Papapetrou
Website: http://www.qsecure.com.cy
Discovered: 15/03/2011
Reported: 29/03/2001
Disclosed:
VULNERABILITY DESCRIPTION:
==========================
The script "/index.php" is prone to a local file-include vulnerability because it fails
to properly sanitize user-supplied input in the "processfile" parameter.
An attacker can exploit this vulnerability to obtain potentially sensitive information
and execute arbitrary local scripts in the context of the webserver process. This
may allow the attacker to compromise the application and the underlying computer;
other attacks are also possible.
PoC Exploit:
============
/index.php?mode=login&processfile=../../../../../../etc/passwd
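
A defender-side check for the parameter named above, added here as an example (not the advisory's or 1024cms's code): it scans constructed access-log lines for index.php requests whose processfile value is a traversal, an absolute path, or anything outside an assumed allow-list of handler names, undoing nested percent-encoding before classifying.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of an Apache/nginx combined log line: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

ALLOWED_PROCESSFILE = {"login", "logout", "register"}  # assumed; advisory only shows mode=login

# Constructed sample access-log lines (not taken from the advisory).
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Mar/2011:10:01:02 +0200] "GET /index.php?mode=login&processfile=login HTTP/1.1" 200 512',
    '203.0.113.7 - - [15/Mar/2011:10:01:09 +0200] "GET /index.php?mode=login&processfile=../../../../../../etc/passwd HTTP/1.1" 200 1873',
    '198.51.100.23 - - [15/Mar/2011:10:02:15 +0200] "GET /index.php?mode=login&processfile=..%252f..%252fetc%252fpasswd HTTP/1.1" 200 1873',
]

def decode_fully(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %252e%252e%252f -> ../)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_processfile(value):
    """Return 'ok', 'traversal', 'absolute' or 'unknown' for one value."""
    v = decode_fully(value).replace("\\", "/")
    if ".." in v.split("/"):
        return "traversal"  # ../ sequences, however encoded
    if v.startswith("/") or re.match(r"^[A-Za-z]:/", v) or "\0" in v:
        return "absolute"   # absolute path or null-byte truncation attempt
    return "ok" if v in ALLOWED_PROCESSFILE else "unknown"

def scan_log(lines=SAMPLE_LOG):
    """Return (client_ip, verdict, raw_value) for index.php requests whose
    processfile parameter is anything but a known-good handler name."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/index.php"):
            continue
        for raw in parse_qs(parts.query, keep_blank_values=True).get("processfile", []):
            verdict = classify_processfile(raw)
            if verdict != "ok":
                hits.append((line.split(" ", 1)[0], verdict, raw))
    return hits
```

Calling scan_log() with real log lines flags the second and third kinds of request; the same allow-list is what the dispatcher itself should enforce before any include.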