Vendor: JaxCMS
By: Hamza 'MizoZ' N.
CVSS: 8,8 (HIGH)
Type: Local File Include
CWE: 98
Product Name: JaxCMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

JaxCMS (p) Local File Include

The vulnerability is in the p GET parameter: index.php passes it straight into include '/pages/'.$_GET['p'].'.php', so any file on the server can be read.

Mitigation:

Sanitize user input and validate the input before using it.
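
One way to apply this mitigation to the include quoted above, as an added example (it is not JaxCMS code and not from the advisory author). The PAGES_DIR constant, the resolve_page() helper and the 'home' default page are assumptions; the strict name pattern also rejects the NUL byte that the %00 suffix in the advisory's request decodes to.

```php
<?php
// Vulnerable pattern described on this page, shown for comparison only:
//   include '/pages/' . $_GET['p'] . '.php';

const PAGES_DIR = __DIR__ . '/pages';   // assumption: where the page templates live

// Map the untrusted "p" value to a file inside PAGES_DIR, or return null.
function resolve_page($p, string $baseDir = PAGES_DIR): ?string
{
    // 1. Type and format: one short name, no dots, slashes or NUL bytes.
    if (!is_string($p) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $p)) {
        return null;
    }

    // 2. Allowlist: the name must match a .php file that actually ships in pages/.
    $allowed = array_map(
        static fn(string $f): string => basename($f, '.php'),
        glob($baseDir . '/*.php') ?: []
    );
    if (!in_array($p, $allowed, true)) {
        return null;
    }

    // 3. Defence in depth: the canonical path must still sit under the base directory.
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $p . '.php');
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

$page = resolve_page($_GET['p'] ?? 'home');   // 'home' default is an assumption
if ($page === null) {
    http_response_code(404);
    exit('Page not found');
}
include $page;
```

Rejected values end in a 404 instead of reaching include, so failed lookups can also be logged and alerted on.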
Source

Exploit-DB raw data:

/*

Name : JaxCMS (p) Local File Include
WebSite : http://www.pixiescripts.com/

Author : Hamza 'MizoZ' N.
Email : mizozx@gmail.com

Greetz : Zuka !

*/

The vulnerability is in the get $_GET['p'] , the index.php include '/pages/'.$_GET['p'].'.php'

So we can read any file in the server .

EXPLOIT :

http://server/[JaxCMS PATH]/index.php?p=[LFI]%00