Subrion 3.x – Multiple Vulnerabilities

• Exploit Database
• 147 阅读

• 作者： bRpsd
  日期： 2015-10-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/38525/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53

  {-} Title => Subrion 3.X.X - Multiple Exploits   {-} Author => bRpsd (skype: vegnox)   {-} Date Release => 23 October, 2015     {-} Vendor => Subrion Homepage => http://www.subrion.org/ Download => http://tools.subrion.org/get/latest.zip Vulnerable Versions => 3.X.X Tested Version => Latest, 3.3.5 on a Wamp Server.   {x} Google Dork:: 1 => "© 2015 Powered by Subrion CMS" {x} Google Dork:: 2 => "Powered by Subrion CMS"   -------------------------------------------------------------------------------------------------------------------------------- The installation folder never get deleted or protected unless you deleted it yourself. Which let any unauthorized user access the installation panel and ruin your website in just a few steps .. --------------------------------------------------------------------------------------------------------------------------------     ####################################################################################### Vulnerability #1 : Reset Administrator Password & Database settings Risk: High File Path: http://localhost/cms/install/install/configuration/ #######################################################################################       ####################################################################################### Vulnerability #2 : Arbitrary File Download + Full Path Disclouser Risk: Medium File Path: http://localhost/cms/install/install/download/ Method: POST Parameter (for file contents) : config_content #######################################################################################     ####################################################################################### Vulnerability #3 : Unauthorized Arbitrary Plugins Installer Risk: Medium File Path: http://localhost/cms/install/install/plugins/ #######################################################################################     ** SOLUTION ** ! : Solution for all vulnerabilities is to delete the file located at: /install/modules/module.install.php     H@PPY H@CK1NG !