This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Seacms 11.1 by crafting a malicious HTTP GET request to read arbitrary files from the server. The payload targets the 'file' parameter in the admin_safe.php script to disclose the contents of C:/windows/system.ini.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:Seacms 11.1
Auth required
Prerequisites:Access to the admin_safe.php endpoint · Valid session cookies (PHPSESSID, t00ls, etc.)