what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Seditio CMS 1.7.1 Password Disclosure

Seditio CMS 1.7.1 Password Disclosure
Posted Jul 27, 2015
Authored by Arash Khazaei

Seditio CMS version 1.7.1 suffers from an administrator password disclosure vulnerability.

tags | exploit, info disclosure
SHA-256 | 1780346582854c7fdc89148449d9eeb1ad330538db092f6b047b6f4ff3c1e490

Seditio CMS 1.7.1 Password Disclosure

Change Mirror Download
[+] Exploit Title: Seditio CMS Multiple Vulnerabilities
[+] Google Dork: intext:"Powered by Seditio CMS"
[+] Date: 27/7/2015
[+] Exploit Author: Arash Khazaei
[+] Vendor Homepage: http://www.seditiocms.com/
[+] Software Link: http://www.seditiocms.com/page.php?id=20&a=dl
[+] Version: 1.7.1(Last Version)
[+] Tested on: Kali , Windows
[+] CVE : N/A

===============================
Introduction :
1- a vulnerability in seditio cms reveal Admin Password For Attacker.
2- another Vulnerability in This CMS Is After Admin Logged Out Session Will
Be Not Expired .
===============================
Reaval Admin Password :
POC 1:
in seditio CMS If We Login With Remember Feature CMS Make COokies Like This
:

MTpfOjU4YjU0NDRjZjFiNjI1M2E0MzE3ZmUxMmRhZmY0MTFhNzhiZGEwYTk1Mjc5YjFkNTc2OGViZjVjYTYwODI5ZTc4ZGE5NDRlOGE5MTYwYTBiNmQ0MjhjYjIxM2U4MTM1MjVhNzI2NTBkYWM2N2I4ODg3OTM5NGZmNjI0ZGE0ODJmOl86c3BlY2lhbA==

if we decode This base64 Encoded Text We Got This :

1:_:58b5444cf1b6253a4317fe12daff411a78bda0a95279b1d5768ebf5ca60829e78da944e8a9160a0b6d428cb213e813525a72650dac67b88879394ff624da482f:_:special

If Look Between 1:_: We Have hashed Password Of Admin In This case Hashed
Password Is admin1 .

do If Admin Cookie Stealed site Admin Password Can Be Stealed By Attacker
If Password Not Strong To Much.
==================================================
POC 2:

if admin cookie stealed by reason Anything If We Set Base64 Of Admin
Password Like this :

MTpfOjU4YjU0NDRjZjFiNjI1M2E0MzE3ZmUxMmRhZmY0MTFhNzhiZGEwYTk1Mjc5YjFkNTc2OGViZjVjYTYwODI5ZTc4ZGE5NDRlOGE5MTYwYTBiNmQ0MjhjYjIxM2U4MTM1MjVhNzI2NTBkYWM2N2I4ODg3OTM5NGZmNjI0ZGE0ODJmOl86c3BlY2lhbA==

and set it on your self cookie you logged in as admin in site .

Session Of Admin After Logged Out Never Will Be Expired .


Discovered By : Arash Khazaei .
Login or Register to add favorites

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    8 Files
  • 29
    Sep 29th
    14 Files
  • 30
    Sep 30th
    19 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close