Subrion 3.X.X - Multiple Vulnerabilities

2015-10-23T00:00:00
ID 1337DAY-ID-24462
Type zdt
Reporter bRpsd
Modified 2015-10-23T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            {-} Title => Subrion 3.X.X - Multiple Exploits
 
{-} Author => bRpsd (skype: vegnox)
 
{-} Date Release => 23 October, 2015
 
 
{-} Vendor => Subrion
    Homepage => http://www.subrion.org/
    Download => http://tools.subrion.org/get/latest.zip
    Vulnerable Versions => 3.X.X
    Tested Version => Latest, 3.3.5 on a Wamp Server.
 
{x} Google Dork:: 1 => "© 2015 Powered by Subrion CMS"
{x} Google Dork:: 2 => "Powered by Subrion CMS"
 
--------------------------------------------------------------------------------------------------------------------------------
The installation folder never get deleted or protected unless you deleted it yourself.
Which let any unauthorized user access the installation panel and ruin your website in just a few steps ..
--------------------------------------------------------------------------------------------------------------------------------
 
 
#######################################################################################
Vulnerability #1 : Reset Administrator Password & Database settings
Risk: High
File Path: http://localhost/cms/install/install/configuration/
#######################################################################################
 
 
 
#######################################################################################
Vulnerability #2 : Arbitrary File Download + Full Path Disclouser 
Risk: Medium
File Path: http://localhost/cms/install/install/download/
Method: POST
Parameter (for file contents) : config_content
#######################################################################################
 
 
#######################################################################################
Vulnerability #3 : Unauthorized Arbitrary Plugins Installer 
Risk: Medium
File Path: http://localhost/cms/install/install/plugins/
#######################################################################################
 
 
** SOLUTION ** ! :
Solution for all vulnerabilities is to delete the file located at:
/install/modules/module.install.php
 
 
[email protected] [email protected] !

#  0day.today [2018-04-04]  #