OneFileCMS v.1.1.5 Local File Inclusion Vulnerability

16 Mar

# Exploit Title: OneFileCMS v.1.1.5 Local File Inclusion Vulnerability
# Google Dork: —
# Date: 16/03/2012
# Author: mr.pr0n (@_pr0n_)
# Homepage:
# Software Link:
# Version: OneFileCMS v.1.1.5
# Tested on: Linux Fedora 14

OneFileCMS is just that. It’s a flat, light, one file CMS (Content Management System) entirely contained in an easy-to-implement, highly customizable, database-less PHP script. Coupling a utilitarian code editor with all the basic necessities of an FTP application, OneFileCMS can maintain a whole website completely in-browser without any external programs.

[!] All vulnerabilities require authentication. [!]

Directory Listing, using the “i” parameter:

Read local files, using the “f” parameter:
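Both issues come down to a request-supplied path being used without checking where it resolves. The PHP below is an added example of a containment check, not code from OneFileCMS or from this advisory; the function name `resolve_inside_root`, the temporary directory layout and the sample parameter values are constructed for illustration, and it assumes PHP 7.1 or later.

```php
<?php
// Added example (hypothetical helper, not OneFileCMS code). Requires PHP 7.1+.
// Resolves a request-supplied path and returns null unless it stays inside $root.
function resolve_inside_root(string $root, string $userPath, bool $wantDir): ?string
{
    $rootReal = realpath($root);
    if ($rootReal === false || strpos($userPath, "\0") !== false) {
        return null; // missing root, or NUL byte in the supplied value
    }
    // realpath() collapses "..", "." and symlinks; false means the target does not exist.
    $target = realpath($rootReal . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false) {
        return null;
    }
    // Compare against root plus a trailing separator so a sibling such as
    // "/srv/site-old" cannot pass as being inside "/srv/site".
    $prefix = rtrim($rootReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target !== $rootReal && strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // "i" must name a directory, "f" a regular file.
    if ($wantDir ? !is_dir($target) : !is_file($target)) {
        return null;
    }
    return $target;
}

// Constructed demo data: a throwaway root with one page and one file outside it.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lfi_demo_' . bin2hex(random_bytes(4));
mkdir($base . '/site/pages', 0700, true);
file_put_contents($base . '/site/pages/index.html', 'hello');
file_put_contents($base . '/secret.txt', 'outside the root');

$root  = $base . '/site';
$cases = [
    ['f', 'pages/index.html'],        // inside the root: allowed
    ['f', '../secret.txt'],           // climbs out of the root: rejected
    ['f', 'pages/../../secret.txt'],  // same, via a nested segment: rejected
    ['f', $base . '/secret.txt'],     // absolute path: rejected
    ['i', 'pages'],                   // directory inside the root: allowed
    ['i', '..'],                      // parent of the root: rejected
];
foreach ($cases as [$param, $value]) {
    $resolved = resolve_inside_root($root, $value, $param === 'i');
    printf("%s=%-28s %s\n", $param, $value, $resolved === null ? 'rejected' : 'allowed');
}
```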


Posted by on March 16, 2012 in Exploits

