This exploit demonstrates a local file inclusion (LFI) vulnerability in Pithcms 0.9.5. The exploit allows an attacker to read arbitrary files (e.g., /etc/passwd) by manipulating the 'lang' parameter in the 'oldnews_reader.php' script.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:Pithcms 0.9.5
No auth needed
Prerequisites:Access to the target web application