iBaseCMS 1.23 SQL Injection / File Upload

2017-03-07T00:00:00
ID PACKETSTORM:141493
Type packetstorm
Reporter Bilal Kardadou
Modified 2017-03-07T00:00:00

Description

                                        
                                            `################################################  
#Title: iBaseCMS - SQl Injection / File Upload / Remote Code Execution via  
arbitrary file upload  
#Credit: Bilal KARDADOU  
#Vendor: iOnline  
#Vendor URL: http://www.ibasecms.nl  
#Product: iBaseCMS "CONTENT MANAGEMENT SYSTEM"  
#Google Dork: N/A  
################################################  
#  
# --SQL Injection/Exploit--  
#  
# localhost/modules/vacatures/print.php?vacature_id=[SQL]  
# localhost/plus/modules/vacatures/print.php?vacature_id=[SQL]  
#  
# ---PoC---  
# http://prnt.sc/egwfot  
# http://prnt.sc/egwgch  
# http://prnt.sc/egwhtb  
#  
#  
# --File Upload--  
#  
#  
localhost/modules/fckeditor/fckeditor/editor/filemanager/browser/default/browser.html  
#  
# Execution of arbitrary code is possible due to bypass of program's  
security  
# filters (on IIS and Apache web servers).  
#  
#  
# --Remote Code Execution via arbitrary file upload--  
#  
# http://prnt.sc/egwaxi  
#  
# --Panel--  
#  
# /admin/login/index.php  
# http://prntscr.com/egwcpj  
#  
# --CREDITS  
#  
# This vulnerability has been discovered and reported by Bilal KARDADOU(  
https://www.linkedin.com/in/bilal-kardadou-21a000127)  
################################################  
  
--   
*Bilal Kardadou*  
IT Security Consultant  
*E* : b.kardadou@capvalue.ma | *E* : bilalkardadou@gmail.com  
<a.cherrai@gmail.com> |  
`