SecurityTracker Archives
Category: Application (Forum/Board/Portal) > easy-CMS
Vendors: php-easy-cms.sourceforge.net
easy-CMS Lets Remote Authenticated Users Upload and Execute Arbitrary Code
SecurityTracker Alert ID: 1016335
SecurityTracker URL: http://securitytracker.com/id/1016335
CVE Reference: CVE-2006-3128
Updated: May 19 2009
Original Entry Date: Jun 20 2006
Impact: Execution of arbitrary code via network, Modification of user information, User access via network
Exploit Included: Yes
Version(s): 0.1.2
Description: A vulnerability was reported in easy-CMS. A remote authenticated user can upload and execute arbitrary code on the target system.

A remote authenticated user can invoke 'choose_file.php' to upload a file whose name ends in a '.gif' extension but whose contents are arbitrary PHP code (the original advisory uses 'shell.php.gif'). The user can then request the uploaded file directly from the '/Repositories' directory, which causes the PHP code to be executed on the target system. The code runs with the privileges of the target web service.
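The root cause is an upload handler that trusts the file name and stores the result inside the web root, where the server will interpret it. The following hardened PHP upload handler is an added example written for this page; it is not easy-CMS code and is not taken from the advisory. The form field name 'upload', the storage path '/var/lib/easy-cms-uploads' and the allowed-type table are assumptions. It rejects names with more than one extension (the 'shell.php.gif' pattern), checks the bytes on disk rather than the client-supplied MIME type, and stores the file under a random server-chosen name outside the document root so nothing in the upload directory is ever executed.

```php
<?php
// Added example, not easy-CMS code: a hardened upload handler.
declare(strict_types=1);

const MAX_UPLOAD_BYTES = 2 * 1024 * 1024;

// Allowed extensions mapped to the MIME type libmagic must report for the
// file content. This table is an assumption for the example.
const ALLOWED_TYPES = [
    'gif'  => 'image/gif',
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'pdf'  => 'application/pdf',
];

/**
 * Validate one entry of $_FILES and return the extension to store it under,
 * or throw with the reason for rejection.
 */
function validateUpload(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with error ' . $file['error']);
    }
    $tmpPath = (string) $file['tmp_name'];
    if (!is_uploaded_file($tmpPath)) {
        throw new RuntimeException('not a file uploaded via HTTP POST');
    }
    if (filesize($tmpPath) > MAX_UPLOAD_BYTES) {
        throw new RuntimeException('file too large');
    }

    $name = basename((string) $file['name']);

    // Exactly one extension: "shell.php.gif" is rejected here. On servers
    // whose PHP handler is selected by any matching extension in the name,
    // a trailing ".gif" does not stop the ".php" from being interpreted.
    if (substr_count($name, '.') !== 1) {
        throw new RuntimeException('file name must carry exactly one extension');
    }

    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!isset(ALLOWED_TYPES[$ext])) {
        throw new RuntimeException("extension .$ext is not allowed");
    }

    // Inspect the bytes actually written to disk; $_FILES['type'] is
    // supplied by the client and is ignored.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if ($detected !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException("content type $detected does not match .$ext");
    }

    // For images, a successful decode is a stronger test than magic bytes.
    if (str_starts_with(ALLOWED_TYPES[$ext], 'image/') && @getimagesize($tmpPath) === false) {
        throw new RuntimeException('file is not a decodable image');
    }

    return $ext;
}

/**
 * Store a validated upload under a random name in $storageDir, a directory
 * outside the document root. Files are later served through a download
 * script that sets Content-Type and Content-Disposition, so the web server
 * never interprets anything stored here.
 */
function storeUpload(array $file, string $storageDir): string
{
    $ext = validateUpload($file);
    $storedName = bin2hex(random_bytes(16)) . '.' . $ext;
    $dest = rtrim($storageDir, '/') . '/' . $storedName;

    if (!move_uploaded_file((string) $file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640); // readable by the web service, never executable
    return $storedName;
}

// Hypothetical wiring: field name and storage path are assumptions.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['upload'])) {
    try {
        $stored = storeUpload($_FILES['upload'], '/var/lib/easy-cms-uploads');
        http_response_code(201);
        echo 'stored as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        error_log('upload rejected: ' . $e->getMessage()); // keep a trail for detection
        http_response_code(400);
        echo 'upload rejected';
    }
}
```

The single-extension rule is deliberately blunt: a legitimate 'report.final.pdf' is refused too, which is the safer trade-off for an authenticated-upload feature. Keeping the storage directory outside the document root is the control that matters even if a content check is bypassed with a polyglot file, because a file that is never handed to the PHP interpreter cannot run regardless of what it contains; the error_log line gives operators a record of rejected attempts to alert on.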

Liz0ziM discovered this vulnerability.

The original advisory is available at:

http://biyosecurity.be/bugs/easycms.txt

Impact:   A remote user can upload and execute arbitrary code on the target system with the privileges of the target web service.
Solution:   No solution was available at the time of this entry.
Vendor URL: sourceforge.net/projects/php-easy-cms/
Cause:   Access control error
Underlying OS:  Linux (Any)

Message History:   None.


 Source Message Contents

Subject:  Easy CMS 0.1.2 Php Shell Upload Vulnerabilities

Easy CMS 0.1.2 Php Shell Upload Vulnerabilities 

----------------------------------------------------

site:http://sourceforge.net/projects/php-easy-cms/

demo:http://www.easy-cms.be/

--------------------------------------------------

Bug:

1) http://victim/choose_file.php

   Documents
   Images
   Scripts
   Styles
   Templates
   Add a directory
   Add a file

2) click add a file and upload shell.php.gif

http://victim/Repositories/shell.php.gif

Example bug video download here http://biyosecurity.be/video/easycms.rar

----------------------------------------------------------

Credit:Liz0ziM

Mail:liz0@bsdmail.com

Site:www.biyo.tk,www.biyosecurity.be


---------------------------------------------------------------

Source:


http://biyosecurity.be/bugs/easycms.txt

http://www.blogcu.com/Liz0ziM/719389/

http://liz0zim.no-ip.org/easycms.txt
