Subrion 3.X.X - Multiple Vulnerabilities

2015-10-23T00:00:00
ID EDB-ID:38525
Type exploitdb
Reporter bRpsd
Modified 2015-10-23T00:00:00

Description

Subrion 3.X.X - Multiple Vulnerabilities. Webapps exploit for php platform

                                        
                                            {-} Title => Subrion 3.X.X - Multiple Exploits

{-} Author => bRpsd (skype: vegnox)

{-} Date Release => 23 October, 2015


{-} Vendor => Subrion
    Homepage => http://www.subrion.org/
	Download => http://tools.subrion.org/get/latest.zip
	Vulnerable Versions => 3.X.X
	Tested Version => Latest, 3.3.5 on a Wamp Server.

{x} Google Dork:: 1 => "© 2015 Powered by Subrion CMS"
{x} Google Dork:: 2 => "Powered by Subrion CMS"

--------------------------------------------------------------------------------------------------------------------------------
The installation folder never get deleted or protected unless you deleted it yourself.
Which let any unauthorized user access the installation panel and ruin your website in just a few steps ..
--------------------------------------------------------------------------------------------------------------------------------


#######################################################################################
Vulnerability #1 : Reset Administrator Password & Database settings
Risk: High
File Path: http://localhost/cms/install/install/configuration/
#######################################################################################



#######################################################################################
Vulnerability #2 : Arbitrary File Download + Full Path Disclouser 
Risk: Medium
File Path: http://localhost/cms/install/install/download/
Method: POST
Parameter (for file contents) : config_content
#######################################################################################


#######################################################################################
Vulnerability #3 : Unauthorized Arbitrary Plugins Installer 
Risk: Medium
File Path: http://localhost/cms/install/install/plugins/
#######################################################################################


** SOLUTION ** ! :
Solution for all vulnerabilities is to delete the file located at:
/install/modules/module.install.php


H@PPY H@CK1NG !