Realist
Realist P0wn3d
I have downloaded and reviewed the source code of CMSimple. I have determined that the white screen of death that appears when leveraging lfi on files is due to double including things. This causes things to be re-declared blowing up the app. Through experimentation I have determined that using the LFI to include a particular file, if the code within the app to include that file is removed from the program, would make it possible to render without errors and get the flag. Unfortunately, this include directive does exist and causes a php error. Does this somehow need to be bypassed to get the flag? Am I on the right track here?
Realist P0wn3d
their is a known exploit for cmsimple version 3.0 that is an LFI, that is majority of the answer
Realist - P0wn3d
I have no idea what should I do now, I used a https://www.exploit-db.com/exploits... to upload some file to server, but I can’ find it in /downloads/ (404)
What I am doing wrong?
help please.
PS: I attach the file with the exploit
Realist P0wn3d
I need help !
i have found the vulnerability but somehow i cannot find the file i uploaded(not sure if it got uploaded correctly) i used the exploit-db exploit.
Can someone PM and till me what i am doing wrong?
Realist P0wn3d
I am also having the same issue!
If anyone has any clues for me, let me know...