New User, Welcome!     Login

The Site

CMS Buzz (XSS/PC/HI) Multiple Remote Vulnerabilities

[+] Demo:http://demo.cmsbuzz.com/
[+] Greeting : yasin
#################################################################################################################
Remote Changing Password:
+++++++++++++++++++++++++
1) You Must Register In ThE site http://www.victim.com/?action=register
2) Login
3) Go To url:
    http:///www.victim.com/?action=profile&user= [ Name Of user ]
Example
http:///www.victim.com/?action=profile&user=admin

Re: [Full-disclosure] Remote Command Execution in dotDefender Site Management

> 
> 
> Technical Details
> =================
> 
> The Site Management application of dotDefender is reachable as a web
> application (https:site/dotDefender/)
> on the webserver. After passing the Basic Auth login you can
> create/delete applications.
> The mentioned vulnerability is in the 'deletesite' implementation and
> the 'deletesitename' variable.

Remote Command Execution in dotDefender Site Management

Technical Details
=================

The Site Management application of dotDefender is reachable as a web
application (https:site/dotDefender/)
on the webserver. After passing the Basic Auth login you can
create/delete applications.
The mentioned vulnerability is in the 'deletesite' implementation and
the 'deletesitename' variable.


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!