[0-DAY] Active.CMS Версия: 1.8.1 mutiple vulns

swagcat228 · 09.07.2020

уязвимость была обнаружена в файле cms/kernel/insert.inc.php

недостаточная фильтрация переменной curPos приводит к сразу двум ошибкам

1 - раскрытие путей (передача GET параметра как массива)

2 - пассивная XSS

rlz · 21.07.2020

did you find any serious vulnerability in the CMS and what is average number customer base of the vulnerable CMS?

swagcat228 · 24.07.2020

rlz сказал(а):

did you find any serious vulnerability in the CMS and what is average number customer base of the vulnerable CMS?

yes. i did.

this CMS is privat solution of one quite large (residents in at least 3 countries) data-hoster service.

rlz · 27.07.2020

swagcat228 сказал(а):

yes. i did.

this CMS is privat solution of one quite large (residents in at least 3 countries) data-hoster service.

That is exactly what I meant! Amazing working on finding vulnerability on anything new?

swagcat228 · 27.07.2020

rlz сказал(а):

That is exactly what I meant! Amazing working on finding vulnerability on anything new?

combine

etc/passwd · 26.08.2020

Почему не указал ссылку на оригинал темы?

swagcat228 · 27.08.2020

etc/passwd сказал(а):

Почему не указал ссылку на оригинал темы?

https://xss.pro/threads/39432/

Ок, исправил

[0-DAY] Active.CMS Версия: 1.8.1 mutiple vulns

swagcat228

X-pert

rlz

RAID-массив

swagcat228

X-pert

rlz

RAID-массив

swagcat228

X-pert

etc/passwd

(L3) cache

swagcat228

X-pert