33 lines
No EOL
1.3 KiB
Text
33 lines
No EOL
1.3 KiB
Text
# Exploit Title: Multiple Vulnerability xEpan 1.0.4
|
|
# Google Dork: not yet
|
|
# Date: 2014-11-27
|
|
# Exploit Author: Parikesit , Kurawa In Disorder
|
|
# Vendor Homepage: http://xepan.org
|
|
# Software Link: http://www.xepan.org/index.php?subpage=download
|
|
# Version: 1.0.4
|
|
# Tested on: Windows 7 Ultimate
|
|
# Vulnerability Type: File Upload
|
|
# Risk Level: High
|
|
# Solution Status: Not Fixed
|
|
# Discovered and Provided: Kurawa In Disorder ( http://kurawa.indonesianbacktrack.or.id ) , Indonesian Backtrack Team ( http://indonesianbacktrack.or.id )
|
|
|
|
-----------------------------------------------------------------------------------------------
|
|
|
|
Advisory Details:
|
|
|
|
xEpan have elfinder which can exploited to upload a backdoor
|
|
|
|
1.) vulnerable page : http://target/elfinder/elfinder.html
|
|
Just upload your php backdoor
|
|
and acess there http://target/elfinder/files/<backdoor_name>
|
|
|
|
2.) leak database information : http://target/install.sql
|
|
after installation the script not remove the .sql file it's can be danger
|
|
|
|
3.) important file , like ftp password stored in a public file : http://target/ftpsync.settings
|
|
very danger , how to prevent just use a private privilages or delete the file
|
|
|
|
4.) weak password used : http://target/index.php?page=owner_dashboard
|
|
admin:admin ... :o
|
|
|
|
----------------------------------------------------------------------------------------------- |