OneFileCMS 1.1.5 - Local File Inclusion Vulnerability

EDB-ID: 18607 CVE: N/A OSVDB-ID: 80099
Verified: Author: mr.pr0n Published: 2012-03-16
Download Exploit: Source Raw Download Vulnerable App:
# Exploit Title: OneFileCMS v.1.1.5 Local File Inclusion Vulnerability
# Google Dork: --
# Date: 16/03/2012
# Author: mr.pr0n (@_pr0n_)
# Homepage: -
# Software Link:
# Version: OneFileCMS v.1.1.5
# Tested on: Linux Fedora 14

OneFileCMS is just that. It's a flat, light, one file CMS (Content
Management System) entirely contained in an easy-to-implement, highly
customizable, database-less PHP script. Coupling a utilitarian code editor
with all the basic necessities of an FTP application, OneFileCMS can
maintain a whole website completely in-browser without any external

[!] All vulnerabilities requires authentication. [!]

Directory Listing, using the "i" parameter:

Read local files, using the "f" parameter: