CVE-2012-6523

w-cms 2.01 - Cross-Site Scripting via p Parameter or COMMENT Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-6523. PoCs published by th3.g4m3_0v3r.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in W-CMS version 2.01, including XSS and directory traversal attacks. It includes example URLs demonstrating these vulnerabilities but does not contain executable exploit code.

Description

Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrary web script or HTML via (1) the p parameter in the getMenus function in codes/wcms.php; or the COMMENT parameter in (2) blog.php, (3) guestbook.php, or (4) forum.php in codes/. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP

by th3.g4m3_0v3r · textwebappsphp

https://www.exploit-db.com/exploits/18348

View Code ZIP pw:eip

The provided text describes multiple vulnerabilities in W-CMS version 2.01, including XSS and directory traversal attacks. It includes example URLs demonstrating these vulnerabilities but does not contain executable exploit code.

Classification

Writeup 90%

Attack Type

Xss | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: W-CMS 2.01

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK