.. / CVE-2008-2650

Exploit for CMSimple 3.1 - Local File Inclusion (CVE-2008-2650)

Description:

CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.

Nuclei Template

View the template here CVE-2008-2650.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2008/CVE-2008-2650.yaml

References:

http://web.archive.org/web/20140729144732/http://secunia.com:80/advisories/30463
http://www.cmsimple.com/forum/viewtopic.php?f=2&t=17
https://exchange.xforce.ibmcloud.com/vulnerabilities/42792
https://exchange.xforce.ibmcloud.com/vulnerabilities/42793
https://nvd.nist.gov/vuln/detail/CVE-2008-2650

.. / CVE-2008-2650 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for CMSimple 3.1 - Local File Inclusion (CVE-2008-2650)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2008-2650