benjacms-uploadxss.txt

2008-06-23T00:00:00
ID PACKETSTORM:67602
Type packetstorm
Reporter CWH Underground
Modified 2008-06-23T00:00:00

Description

                                        
                                            `==============================================================  
Benja CMS 0.1 (Upload/XSS) Multiple Remote Vulnerabilities  
==============================================================  
  
,--^----------,--------,-----,-------^--,  
| ||||||||| `--------' | O .. CWH Underground Hacking Team ..  
`+---------------------------^----------|  
`\_,-------, _________________________|  
/ XXXXXX /`| /  
/ XXXXXX / `\ /  
/ XXXXXX /\______(  
/ XXXXXX /   
/ XXXXXX /  
(________(   
`------'  
  
  
AUTHOR : CWH Underground  
DATE : 22 June 2008  
SITE : www.citec.us  
  
  
#####################################################  
APPLICATION : Benja CMS  
VERSION : 0.1  
VENDOR : N/A  
DOWNLOAD : http://downloads.sourceforge.net/benjacms  
#####################################################  
  
--- Broken Authentication ---  
  
Anonymous can access to administrative control that can add/delete menu  
[+] http://[Target]/[benjacms_path]/admin/  
  
  
--- Arbitrary File upload ---  
  
Upload Path:  
[+] http://[Target]/[benjacms_path]/admin/upload.php  
  
File Location:  
[+] http://[Target]/[benjacms_path]/billeder/[Evil File]  
  
***Can upload malicious files such as php shell script***  
  
  
--- Remote XSS Exploit ---  
  
---------  
Exploit  
---------  
  
[+] http://[Target]/[benjacms_path]/admin/admin_edit_submenu.php/<XSS>  
[+] http://[Target]/[benjacms_path]/admin/admin_new_submenu.php/<XSS>  
[+] http://[Target]/[benjacms_path]/admin/admin_edit_topmenu.php/<XSS>  
  
##################################################################  
Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos   
##################################################################  
`