13 matches found
Lanius CMS 0.5.2 r1668 Cross Site Request Forgery
input type="hidden" name="userpassword1" value="...
Lanius CMS <= 0.5.2 Remote Arbitrary File Upload Exploit
Exploit for unknown platform in category web applications. Lanius CMS = 0.4.6 and Lanius CMS $maxsz 53. return sprintfUPLOADTOOBIG, convertbytes$filesz, convertbytes$maxsz; 54. 55. $thyname = basenameurldecode$FILES$elem'name'; 56. if...
Lanius CMS 0.5.2 - Arbitrary File Upload
Lanius CMS 0.5.2 - Arbitrary File Upload = 0.4.6 and Lanius CMS $maxsz 53. return sprintfUPLOADTOOBIG, convertbytes$filesz, convertbytes$maxsz; 54. 55. $thyname = basenameurldecode$FILES$elem'name'; 56. if isset$allowedext 57. $ext = fileext$thyname; 58. if $ext==='' || !inarray$ext, $allowedext...
Lanius CMS <= 0.5.2 Remote Arbitrary File Upload Exploit
No description provided by source. ?php / Lanius CMS = 0.5.2 Remote Arbitrary File Upload Exploit author...: EgiX mail.....: n0b0d13satgmaildotcom link.....: http://www.laniuscms.org/...
Lanius CMS 0.5.2 File Upload
= 0.4.6 and Lanius CMS $maxsz 53. return sprintfUPLOADTOOBIG, convertbytes$filesz, convertbytes$maxsz; 54. 55. $thyname = basenameurldecode$FILES$elem'name'; 56. if isset$allowedext 57. $ext = fileext$thyname; 58. if $ext==='' || !inarray$ext, $allowedext 59. return sprintfUPLOADDISALLOWEDEXT,...
Lanius CMS 0.5.1 XSRF
- Lanius CMS 0.5.1 CSRF vulnerability - exploit found by d14l and marcoj - greetz to soul, stefo, sp1r1t, invisible, kisobran and others - Lanius CMS suffers from CSRF vulnerabilities which allow an attacker to change the admin's password; it is only important to change in source site, path and id of victim and it...
Lanius CMS 1.2.16 - FCKeditor Arbitrary File Upload
Lanius CMS 1.2.16 - FCKeditor Arbitrary File Upload 0 && !inarray $sExtension, $arAllowed || count$arDenied 0 && inarray $sExtension, $arDenied 63. SendResults '202' ; 64. 65. $sErr...
Lanius CMS 1.2.16 - 'FCKeditor' Arbitrary File Upload
0 && !inarray $sExtension, $arAllowed || count$arDenied 0 && inarray $sExtension, $arDenied 63. SendResults '202' ; 64. 65. $sErrorNumber = '0'...
Lanius CMS 1.2.14 - Multiple SQL Injections
newhackdotorg la-nai cmsv1.2.14 - Remote SQL Injection Vendor : http://www.redlinesoft.net/module.php?modname=content&cid=9 Download : http://sourceforge.net/project/showfiles.php?groupid=191629 Found By : k1tk4t - k1tk4t4tnewhack.org http://newhack.org Location : Indonesia bug terdapat pada la-n...
Lanius CMS 1.2.14 - Multiple SQL Injections
Lanius CMS 1.2.14 - Multiple SQL Injections newhackdotorg la-nai cmsv1.2.14 - Remote SQL Injection Vendor : http://www.redlinesoft.net/module.php?modname=content&cid=9 Download : http://sourceforge.net/project/showfiles.php?groupid=191629 Found By : k1tk4t - k1tk4t4tnewhack.org http://newhack.org...
Lanius CMS 1.2.14 FAQ Module - 'mid' SQL Injection
source: https://www.securityfocus.com/bid/25193/info LANAI CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...
Lanius CMS 1.2.14 EZSHOPINGCART Module - cid SQL Injection
Lanius CMS 1.2.14 EZSHOPINGCART Module - cid SQL Injection source: https://www.securityfocus.com/bid/25193/info LANAI CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could...
Lanius CMS 1.2.14 GALLERY Module - 'gid' SQL Injection
source: https://www.securityfocus.com/bid/25193/info LANAI CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...