-- == -- == -- == -- == -- == -- == -- == -- == -- == -- Name: CMS Made Simple - PHP injection Version <= 0.10 Homepage: http://www.cmsmadesimple.org/ Author: Filip Groszynski (VXSfx) Date: 31 August 2005 -- == -- == -- == -- == -- == -- == -- == -- == -- == -- Background: CMS Made Simple is an easy to use content managment system for simple stable content site. Uses PHP, MySQL and Smarty templating system. -------------------------------------------------------- Vulnerable code exist in ./admin/lang.php: -------------------------------------------------------- Exploit: example.html:
EOF -------------------------------------------------------- Contact: Author: Filip Groszynski (VXSfx) Location: Poland Email: groszynskif <|> gmail <|> com -- == -- == -- == -- == -- == -- == -- == -- == -- == --