DATABASE RESOURCES PRICING ABOUT US

{"id": "1337DAY-ID-15307", "type": "zdt", "bulletinFamily": "exploit", "title": "CompactCMS 1.4.1 Multiple Vulnerabilities", "description": "Exploit for php platform in category web applications", "published": "2011-01-16T00:00:00", "modified": "2011-01-16T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/15307", "reporter": "NLSecurity", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2018-03-19T11:09:45", "viewCount": 10, "enchantments": {"score": {"value": 0.2, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.2}, "sourceHref": "https://0day.today/exploit/15307", "sourceData": "# Exploit Title: CompactCMS 1.4.1 Multiple Vulnerabilities\r\n# Google Dork: intext:\"Maintained with CompactCMS.nl\" intitle:\"Print: *\"\r\n# Date: 17-12-2010\r\n# Author: NLSecurity\r\n# Software Link: http://files.compactcms.nl/stable/\r\n# Version: CompactCMS 1.4.1\r\n# Credits: http://www.nlsecurity.org/\r\n# Extra: irc.6667.eu #main\r\n \r\nDescription:\r\n \r\nCompactCMS 1.4.1 has multiple XSS and File Disclosure vulnerabilities. These file disclosures will\r\nappear if the users have access to view open directories.\r\n \r\n--- File Disclosures ---\r\n \r\n/admin/includes/modules/backup-restore/\r\n/admin/includes/modules/backup-restore/content-owners/\r\n/admin/includes/modules/backup-restore/module-management/\r\n/admin/includes/modules/backup-restore/permissions/\r\n/admin/includes/modules/backup-restore/template-editor/\r\n/admin/includes/modules/backup-restore/user-management/\r\n \r\n/admin/includes/fancyupload/\r\n/admin/includes/fancyupload/Assets/\r\n/admin/includes/fancyupload/Assets/Icons/\r\n \r\n/admin/includes/fancyupload/Backend/\r\n/admin/includes/fancyupload/Backend/Assets/\r\n/admin/includes/fancyupload/Backend/Assets/getid3/\r\n \r\n/admin/includes/fancyupload/Language/\r\n/admin/includes/fancyupload/Source/\r\n/admin/includes/fancyupload/Source/Uploader/\r\n \r\n/admin/includes/edit_area/\r\n/admin/includes/edit_area/images/\r\n/admin/includes/edit_area/langs/\r\n/admin/includes/edit_area/reg_syntax/\r\n \r\n/admin/img/mochaui/\r\n/admin/img/styles/\r\n/admin/img/uploader/\r\n \r\n/_docs/\r\n \r\n... Perhaps more, but this should give an idea. :-)\r\n \r\n--- Cross-Site Scripting Vulnerabilities (XSS) ---\r\n \r\n/afdrukken.php?page=\">[XSS]\r\n \r\nThis can be found on line 48:\r\n<strong><a href=\"<?php echo $ccms['rootdir'];?><?php echo ($_GET['page']!=$cfg['homepage'])?$_GET['page'].'.html':null; ?>\"><?php echo $ccms['lang']['system']['tooriginal']; ?></a></strong>\r\nVuln: $_GET['page']\r\n \r\n---\r\n \r\n/admin/includes/modules/permissions/permissions.Manage.php?status=notice&msg=[XSS]\r\n \r\nThis can be found on line 62:\r\n<?php if(isset($_GET['msg'])) { echo '<span class=\"ss_sprite ss_confirm\">'.$_GET['msg'].'</span>'; } ?>\r\nVuln: $_GET['msg']\r\n \r\n---\r\n \r\n/lib/includes/auth.inc.php\r\nUsername input field (userName) has an XSS vulnerability when using POST data.\r\n \r\nThis can be found on line 119:\r\n<label for=\"userName\"><?php echo $ccms['lang']['login']['username']; ?></label><input type=\"text\" class=\"alt title\" autofocus placeholder=\"username\" name=\"userName\" style=\"width:300px;\" value=\"<?php echo (!empty($_POST['userName'])?$_POST['userName']:null);?>\" id=\"userName\" />\r\nVuln: $_POST['userName']\r\n\r\n\n\n# 0day.today [2018-03-19] #", "_state": {"dependencies": 1645359536}}

{}