3 matches found
CodoForum 3.4 - Persistent Cross-Site Scripting
CodoForum 3.4 - Persistent Cross-Site Scripting. Exploit Title: Codoforum v3.4 Stored Cross-Site Scripting Stored XSS; Google Dork: intext:"powered by codoforum"; Date: 01/06/2016; Exploit Author: Ahmed Sherif OffensiveBits; Vendor Homepage: http://codologic.com/page/; Software Link:...
CodoForum 3.4 - Persistent Cross-Site Scripting
Exploit Title: Codoforum v3.4 Stored Cross-Site Scripting Stored XSS; Google Dork: intext:"powered by codoforum"; Date: 01/06/2016; Exploit Author: Ahmed Sherif OffensiveBits; Vendor Homepage: http://codologic.com/page/; Software Link: http://codoforum.com/index.php; Version: V3.4; Tested on: Linux Mint...
ChurcHope Theme <= 2.1 - Local File Inclusion (LFI)
The vulnerability is caused by improper filtering of user-supplied input passed via the 'file' HTTP GET parameter to the publicly accessible '/lib/downloadlink.php' script. PoC: http://www.example.com/wp-content/themes/churchope/lib/downloadlink.php?file=../../../../wp-config.php...