Realist

I have downloaded and reviewed the source code of CMSimple. I have determined that the white screen of death that appears when leveraging lfi on files is due to double including things. This causes things to be re-declared blowing up the app. Through experimentation I have determined that using the LFI to include a particular file, if the code within the app to include that file is removed from the program, would make it possible to render without errors and get the flag. Unfortunately, this include directive does exist and causes a php error. Does this somehow need to be bypassed to get the flag? Am I on the right track here?

their is a known exploit for cmsimple version 3.0 that is an LFI, that is majority of the answer

I have no idea what should I do now, I used a https://www.exploit-db.com/exploits... to upload some file to server, but I can’ find it in /downloads/ (404)
What I am doing wrong?
help please.
PS: I attach the file with the exploit

Why I can’t verify the solution ?

Still have:
Unable to take account of your message. Thank you to resubmit!

Not only in this challange :(

Regards,
grzybek

I need help !
i have found the vulnerability but somehow i cannot find the file i uploaded(not sure if it got uploaded correctly) i used the exploit-db exploit.
Can someone PM and till me what i am doing wrong?

I am also having the same issue!

If anyone has any clues for me, let me know...