CVE-2012-6522
Published 2013-01-31
Priority P3 · 33 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS 4.04% · 89.3th percentile
Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| w-cms | w-cms | — | — |
No detection rules found.
Exploit-DB
w-CMS 2.0.1 - Multiple Vulnerabilities
exploitdb·2012-04-06
CVE-2012-6522 w-CMS 2.0.1 - Multiple Vulnerabilities
---
~ [PoC]Http://[victim]/path/index.php?p=alert('Dz0')
+----------------------------------------------------------------------+
4.# Html Code Injection
~ [PoC]Http://[victim]/path/(Guestbook Path)Or(Contact Path)
You Can Inject Html Code In The text Area
Example : Own3d
++ You Can Inject Xss Too
Example : alert('Dz0')
+----------------------------------------------------------------------+
5.# Cross Site Request Forgery (CSRF) Admin Change Pass
~ [PoC] Inject This Evil Code In Contact Form
Test
+-----------------------------------------------
Exploit-DB
w-CMS 2.01 - Multiple Vulnerabilities
exploitdb·2012-01-10
CVE-2012-6523 w-CMS 2.01 - Multiple Vulnerabilities
---
# Exploit Title: W-Cms Multiple Vulnerability
# Date: 2012-01-09
# Author: th3.g4m3_0v3r
# Site:http://w-cms.info/
# Software Link: http://code.google.com/p/wcms/
# Dork: intext:"Powered by w-CMS"
# Version : [2.01]
# Tested on: Windows 7
# Yogesh Kashyap, shubneet goel, w4rl0ck.d0wn, Chip, VzAcnY, Razzy, Sayan, Jaggi Panu, Darkgt
# www.h4ck3r.in, www.root-team.com, www.hackingmind.com, www.hackingcrackingtricks.in
W-CMS cross site scripting
Vulnerable Link __________\/_____________________
http://localhost/index.php?bid=1&COMMENT=1 "XSS"
http:/
No writeups or analysis indexed.
http://secunia.com/advisories/47527
http://www.exploit-db.com/exploits/18348
http://www.exploit-db.com/exploits/18711
http://www.osvdb.org/80974
http://www.securityfocus.com/bid/51359
https://exchange.xforce.ibmcloud.com/vulnerabilities/72302