# Title : PulseCMS Basic <= 1.3_Get.Pro (RFD/UF/XSS) Vulnerabilities
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com | ked-h@exploit-id.com
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Twitter page : twitter.com/kedans
# platform : php
# Impact : Remote File Disclosure + Upload File + XSS
# Tested on : Windows XP sp3 FR & Linux.(Ubuntu 10.10) En
###
# [?] ~ special thanks to Caddy-Dz
###
# Exploit (!> Default Password : 'demo'
#====== Vulnerability (1) Remote File Disclosure [FD] ===>
(!) Demo :
(*) Exploit :
%{
M = month
D = day
Y = year
H = hour
Mn = minute
}%
:::::::::::::::::::::::::::::::::::::::::::::::::::::::
#====== Vulnerability (2) Remote File Upload [FU] ====>
(*) Upload File And Submit ! ...
::::::::::::::::::::::::::::::::::::::::::::::::::::::::
#====== Vulnerability (3) XSS Inj3cTi0n [XSS] ====>
(!) After Login to The 'PluseCMS' Add The New Block ../index.php?p=new-block
> Add Block Name , Title ... Put The XSS Code In Block Source :
Code:
"><script>alert('HaCked By KedAns-Dz');</script>
> Go to Your Block And Exploited
#=============[ Exploited By KedAns-Dz * HST-Dz *]===============
# Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com)
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * agix *
# gunslinger_ * Sn!pEr.S!Te * ZoRLu * anT!-Tr0J4n 'www.1337day.com/team' ++ ....
# Exploit-Id Team : jos_ali_joe + kaMtiEz (exploit-id.com) ... All Others * TreX (hotturks.org)
# JaGo-Dz (sec4ever.com) * KelvinX (kelvinx.net) * PaCketStorm Team (www.packetstormsecurity.org)
# www.metasploit.com * www.securityreason.com * All Security and Exploits Webs ...
Tidak ada komentar:
Posting Komentar