Document Title: =============== LightNEasy v2.3.3 - Local File Include Vulnerability References (Source): ==================== LightNEasy v2.3.3 Release Date: ============= 2011-09-21 Vulnerability Laboratory ID (VL-ID): ==================================== 50 Product & Service Introduction: =============================== LightNEasy is not only a CMS, It actually creates plain, pure web pages for your whole website, making it SEO friendly and fast loading. Each time you add a page, alter the menus, it regenerates all pages again so that they remain fully integrated. Search engines, like Google, prefer simple HTML or PHP pages and simple links to follow from page to page. LightNEasy in fact generates all the pages of your website, and what search engines find is a series of pure pages that link to other pages, instead of some fancy php scripts and strange urls. LightNEasy was created for developing and maintaining private or small commercial websites. Depending on your programming skills, however, LightNEasy can be the framework of virtually any website. (Copy from the Vendors Homepage: http://www.lightneasy.org/ ) Abstract Advisory Information: ============================== Vulnerability Lab team discovered a local File Inclusion Vulnerability on LightNEasys CMS v2.3.3 Vulnerability Disclosure Timeline: ================================== 2011-09-21: Public or Non-Public Disclosure Discovery Status: ================= Published Affected Product(s): ==================== Exploitation Technique: ======================= Remote Severity Level: =============== Medium Technical Details & Description: ================================ Attackers can include files for example .html over a not restricted include function. This vulnerability can be exploited by attackers to request local cms files. Vulnerable Module(s): [+] LightNEasy.php Param(s): [+] ?page=x.html&do=delete Picture(s): ../1.png Proof of Concept (PoC): ======================= The vulnerability can be exploited by remote attacker. For demonstration or reproduce ... Path: ../lightneasy/ File: LightNEasy.php Para: ?page= Reference: http://demo.test.com/lightneasy/LightNEasy.php?page=[Local File Inclusion]&do=delete PoC: http://localhost:8080/lightneasy/LightNEasy.php?page=testfile.html&do=delete Security Risk: ============== The security risk of the local file include vulnerability is estimated as medium(+). Credits & Authors: ================== Vulnerability Research Laboratory - N/A Anonymous Disclaimer & Information: ========================= The information provided in this advisory is provided as it is without any warranty. Vulnerability-Lab disclaims all warranties, either expressed or implied, including the warranties of merchantability and capability for a particular purpose. Vulnerability- Lab or its suppliers are not liable in any case of damage, including direct, indirect, incidental, consequential loss of business profits or special damages, even if Vulnerability-Lab or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, policies, deface websites, hack into databases or trade with fraud/stolen material. Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.vulnerability-lab.com/register Contact: admin@vulnerability-lab.com - support@vulnerability-lab.com - research@vulnerability-lab.com Section: video.vulnerability-lab.com - forum.vulnerability-lab.com - news.vulnerability-lab.com Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - youtube.com/user/vulnerability0lab Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - vulnerability-lab.com/rss/rss_news.php Any modified copy or reproduction, including partially usages, of this file requires authorization from Vulnerability Laboratory. Permission to electronically redistribute this alert in its unmodified form is granted. All other rights, including the use of other media, are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, advisories, sourcecode, videos and other information on this website is trademark of vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use or edit our material contact (admin@vulnerability-lab.com or support@vulnerability-lab.com) to get a permission. Copyright © 2012 | Vulnerability Laboratory