B-Hind CMS (tiny_mce) – Arbitrary File Upload

Exploit Database
93 阅读

作者： innrwrld & h00die

日期： 2010-05-18
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/12646/

####################################################
#Title: B-Hind CMS (tiny_mce) Remote File Upload
#Vendor: http://www.b-hind.eu/
####################################################
#AUTHOR: innrwrld & h00die
####################################################

#DESCRIPTION (by vendor):###########################
B-interference Lite is a simple CMS for *small websites*. Ideal for local
merchants or organizations. The content of page can be adjusted by*a simple
double click* on the text or title in question. bijmaken a page and / or
removal is easy to use buttons on the website menu.The system is naturally*
multilingual*.

#POC:###############################################
http://site.com/admin/includes/tiny_mce/plugins/tinybrowser/upload.php

#[EOF]

last Exploits
B-Hind CMS (tiny_mce) – Arbitrary File Upload的更多信息

WikLink 0.1.3 – ‘getURL.php’ SQL Injection：
Munin 2.0~rc4-1 – Remote Command Injection：
XOOPS Cube PROJECT FileManager – ‘xupload.php’ Arbitrary File Upload：
WebKit – CachedFrame does not Detach Openers Universal Cross-Site Scripting：
dizqueTV 1.5.3 – Remote Code Execution (RCE)：
Joomla! Component Sponsor Wall 8.0 – SQL Injection：
Sijio Community Software – SQL Injection / Persistent Cross-Site Scripting：
DELTAScripts PHP Links – Multiple SQL Injections：