Jump to content
Ras

Chupix CMS 0.2.3 (download.php) Remote File Disclosure

Recommended Posts

Posted

# Chupix CMS 0.2.3 (download.php) Remote File Download Vulnerability

# P.Script : http://sourceforge.net/project/showfiles.php?group_id=134930

################################download.php################################

Lain:18->57 ->

********************************************************************************************************************

if(isset($_GET['fichier'])){ <--------------XXXX

*

// téléchargement du fichier

*

$file = "archives/". $_GET['repertoire'] ."/".

$_GET['fichier'];<--------------XXXX *

$fichier_txt = "archives/". $_GET['repertoire'] ."/cpt/". $_GET['fichier']

.".php" *

$repertoire = "archives/". $_GET['repertoire'] ."/cpt/";

*

if(is_file($fichier_txt)){

*

$fp = @fopen($fichier_txt, "r"); <--------------XXXX

*

$result = fread($fp, filesize ($fichier_txt));

*

fclose($fp);

*

$result = str_replace("<?php ", "", $result);

*

$result = str_replace("?>", "", $result);

*

*

$num = trim($result);

*

}else{

*

$num = 0;

*

}

*

$num++;

*

*

$msg = "<?php ". $num ." ?>";

*

*

if(!(is_dir($repertoire))){

*

mkdir ($repertoire, 0755);

*

}

*

*

$fp = @fopen($fichier_txt, "w+");<--------------XXXX

*

if (flock($fp, LOCK_EX)) { // pose un verrou exclusif

*

fwrite($fp, $msg);

*

flock($fp, LOCK_UN); // lib

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...