Stradus CMS 1.0beta4 – Multiple Vulnerabilities

Exploit Database
12 阅读

作者： DaOne

日期： 2013-03-22
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/24873/

##########################################
[~] Exploit Title: Stradus CMS Multiple Vulnerabilities
[~] Date: 21-03-2013
[~] Author: DaOne aka Mocking Bird
[~] Vendor Homepage: http://stradus.eu/
[~] Software Link: http://sourceforge.net/projects/straduscms/
[~] Category: webapps/php
[~] Version: 1.0beta4
[~] Tested on: Apache/2.2.8(Win32) PHP/5.2.6
##########################################

# File Upload
http://localhost/SCMS_1.0/moduls/photo_album/upload.php
http://localhost/SCMS_1.0/moduls/simply_image/upload.php

# XSS / SQL Injection
http://localhost/SCMS_1.0/adminfiles/log_view.php?order_by={SQLi/XSS}
http://localhost/SCMS_1.0/moduls/photo_album/new.php?edit={SQLi/XSS}

last Exploits
Stradus CMS 1.0beta4 – Multiple Vulnerabilities的更多信息

IBM Tivoli Access Manager for E-Business – ‘/ivt/ivtserver?parm1’ Cross-Site Scripting：
iProject Management System 1.0 – ‘ID’ SQL Injection：
OneCMS 2.6.1 – ‘short1’ Cross-Site Scripting：
Qlikview 11.20 SR11 – Blind XML External Entity Injection：
D-Link DIR-600L AX 1.00 – Cross-Site Request Forgery：
Kasseler CMS News Module – ‘id’ SQL Injection：
TWiki – Search Function Arbitrary Command Execution (Metasploit)：
WordPress Plugin Simply Poll 1.4.1 – SQL Injection：