[webapps / 0day] - SkyBlueCanvas [1.1 r248] SVN repository Vulnerability
Posted on 25 September 2010
=====================================================
SkyBlueCanvas [1.1 r248] SVN repository Vulnerability
=====================================================

[+] Site : Inj3ct0r.com
[+] Support e-mail : submit[at]inj3ct0r.com

#######################################
I'm indoushka, member of the Inj3ct0r Team
#######################################

########################################################################
# Vendor    : http://www.skybluecanvas.com/
# Date      : 2010-07-27
# Author    : indoushka
# Thanks to : Powered by SkyBlueCanvas
# Contact   : 00213771818860
# Home      : www.sec4ever.net
# Tested on : windows SP2 Français V.(Pnx2 2.0)
########################################################################

# Exploit By indoushka

SVN repository :

Vulnerability description :

A Subversion metadata directory (.svn) was found in this folder. An attacker can extract sensitive information by requesting the hidden metadata directory that the popular version control tool Subversion creates. These metadata directories are used during development to keep track of changes to a set of source code before it is committed back to a central repository (and vice versa). When code is rolled out to a live server from a repository, it should be done as an export rather than as a local working copy; deploying a working copy is what leaves the .svn directories on the server.

This vulnerability affects /skybluecanvas.v1.1-r248/data/skins/techjunkie/fragments/links/.svn/entries.

The impact of this vulnerability: These files may expose sensitive information that may help a malicious user to prepare more advanced attacks.

Attack details :

http://127.0.0.1/skybluecanvas.v1.1-r248/data/skins/techjunkie/fragments/articles/.svn/entries

How to fix this vulnerability:

Remove these files from production systems or restrict access to the .svn directory.

To deny access to all the .svn folders you need to add the following lines in the appropriate context (either global config, or vhost/directory, or from .htaccess):

<Directory ~ ".svn">
Order allow,deny
Deny from all
</Directory>

-----------------------------

<head>
<title>SkyBlueCanvas :: Media</title>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="ui/admin/css/ssm.master.css" />
<link rel="stylesheet" type="text/css" href="ui/elements/css/elements.css" />
<script type="text/javascript" src="ui/admin/js/jquery.js"></script>
<script type="text/javascript" src="ui/admin/js/imagehover.js"></script>
<script type="text/javascript" src="ui/admin/js/scripts.js"></script>
<!--[if IE 6]> <link rel="stylesheet" type="text/css" href="ui/admin/css/ie6.css" /> <![endif]-->
<!--[if IE 7]> <link rel="stylesheet" type="text/css" href="ui/admin/css/ie7.css" /> <![endif]-->
</head>
<body id="admin" class="manager">
<div id="container">
<div id="header">
<ul id="top-nav">
</ul>
</div>
<div id="main">
<div id="navigation">
<ul id="tabs">
<li><a href="http://127.0.0.1/skybluecanvas.v1.1-r248/admin.php?mgr=main">Main Dashboard</a></li>
<li id="tab-media" class="active">
<a href="http://127.0.0.1/skybluecanvas.v1.1-r248/admin.php?mgroup=pictures&mgr=media">Media</a>
</li>
</ul>
</div>
<div id="result">
<!--{result}-->
<!-- <div class="info"><h2>Foo Bar</h2><p>This is a test</p></div> -->
</div>
<div id="sub-menus">
<!-- <div class="dashboard_submenu"> -->
<!-- </div> -->
</div>
<div id="main-content">
<fieldset>
<form id="mgrform" method="post" action="http://127.0.0.1/skybluecanvas.v1.1-r248/admin.php?mgroup=pictures&mgr=media&objtype=media&dir=all" enctype="multipart/form-data" >
<!-- <div id="top-buttons"><input class="wymupdate button" type="submit" name="submit" value="Upload" /> <input class="wymupdate button" type="submit" name="submit" value="Cancel" /> </div> -->
<table id="top-buttons" cellpadding="0" cellspacing="0">
<tr>
<td align="left"></td>
<td align="right"><input class="wymupdate button" type="submit" name="submit" value="Upload" /> <input class="wymupdate button" type="submit" name="submit" value="Cancel" /> </td>
</tr>
</table>
<div id="overflowwrapper" style="clear: both;">
<table id="media" class="linkstable" cellpadding="0" cellspacing="0" >
<fieldset class="right">
<tr>
<th>Upload File:</th>
<th>To Directory:</th>
</tr>
<tr><td><input class="uploadfield" type="file" name="upload[]" size="12"></input></td>
<td><select name="uploadDir[]" size="1" >
<option value="data/media/pages/">data/media/pages/</option>
<option value="data/media/people/">data/media/people/</option>
<option value="data/media/portfolio/">data/media/portfolio/</option>
<option value="data/media/thumbnails/">data/media/thumbnails/</option>
<option value="data/downloads/">data/downloads/</option>
<option value="data/uploads/">data/uploads/</option>
<option value="data/skins/techjunkie/images/">data/skins/techjunkie/images/</option>
</select></td></tr>
<input type="hidden" name="MAX_FILE_SIZE" value="6291456" />
</fieldset>
</table>
</div>
<input class="wymupdate button" type="submit" name="submit" value="Upload" /> <input class="wymupdate button" type="submit" name="submit" value="Cancel" />
</form>
</fieldset>
</div>
</div>
<div id="footer">
<div id="copyright">&copy; 2008 Scott Lewis. SkyBlueCanvas [1.1 r248]</div>
<div id="performance">Generated in 0.4493 seconds</div>
<div style="clear: both;"></div>
</div>
</div>
</body>
</html>
<!-- skin.index.html -->

Dz-Ghost Team ===== Saoucha * Star08 * Cyber Sec * theblind74 * XproratiX * onurozkan * n2n * Meher Assel
===========================
special thanks to : r0073r (inj3ct0r.com) * L0rd CruSad3r * MaYur * MA1201 * KeDar * Sonic * gunslinger_ * SeeMe * RoadKiller
Sid3^effects * aKa HaRi * His0k4 * Hussin-X * Rafik * Yashar * SoldierOfAllah * RiskY.HaCK * Stake * r1z * D4NB4R * www.alkrsan.net
MR.SoOoFe * ThE g0bL!N * AnGeL25dZ * ViRuS_Ra3cH * Sn!pEr.S!Te
---------------------------------------------------------------------------------------------------------------------------------
# Inj3ct0r.com (http://inj3ct0r.com/) [2010-09-25]
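The advisory's fix is to keep .svn metadata out of the document root and to deny it at the web server. The following audit script is an added example, not part of the original advisory and not SkyBlueCanvas code: it walks a deployed web root, reports every version-control metadata directory it finds (generalised beyond .svn to .git, .hg and .bzr), summarises what the first record of a Subversion 1.4-1.6 style .svn/entries file reveals (working-copy URL, repository root and the names of the tracked entries, assuming the format 8-10 field layout), and emits the deny rule from the advisory in both Apache 2.2 and 2.4 syntax. The sample tree and the entries file it builds under a temporary directory are constructed for illustration; the hostname svn.example.invalid and the author name are placeholders.

```python
"""Audit a deployed web root for leaked VCS metadata (added example)."""
import os
import tempfile
from pathlib import Path

# Metadata directories that should never sit inside a served document root.
VCS_DIRS = {".svn", ".git", ".hg", ".bzr"}


def find_vcs_dirs(webroot):
    """Return sorted POSIX-style relative paths of VCS metadata dirs under webroot."""
    found = []
    for dirpath, dirnames, _files in os.walk(webroot):
        for name in list(dirnames):
            if name in VCS_DIRS:
                rel = os.path.relpath(os.path.join(dirpath, name), webroot)
                found.append(Path(rel).as_posix())
                dirnames.remove(name)  # do not descend into the metadata itself
    return sorted(found)


def svn_entries_summary(entries_path):
    """Summarise a format 8-10 (Subversion 1.4-1.6) .svn/entries file.

    Assumed layout: line 1 is the format number; records follow, separated by
    a form feed (\\x0c). The first record describes the directory itself and
    holds name (empty), kind, revision, URL and repository root; later records
    start with the entry name and kind ("file" or "dir").
    """
    text = Path(entries_path).read_text(encoding="utf-8", errors="replace")
    lines = text.split("\n")
    records = "\n".join(lines[1:]).split("\x0c")
    this_dir = records[0].split("\n")
    summary = {"format": lines[0].strip(), "url": None, "repos": None, "entries": []}
    if len(this_dir) > 4 and this_dir[1] == "dir":
        summary["url"] = this_dir[3]
        summary["repos"] = this_dir[4]
    for record in records[1:]:
        fields = record.strip("\n").split("\n")
        if len(fields) >= 2 and fields[0]:
            summary["entries"].append((fields[0], fields[1]))
    return summary


def audit(webroot):
    """Report each exposed metadata dir, with entries details for .svn."""
    report = []
    for rel in find_vcs_dirs(webroot):
        item = {"path": rel, "kind": os.path.basename(rel)}
        entries = os.path.join(webroot, rel, "entries")
        if item["kind"] == ".svn" and os.path.isfile(entries):
            item["svn"] = svn_entries_summary(entries)
        report.append(item)
    return report


def apache_deny_rule(apache_24=False):
    """Deny block from the advisory, widened to all VCS dirs; 2.4 uses Require."""
    body = "    Require all denied" if apache_24 else "    Order allow,deny\n    Deny from all"
    return '<DirectoryMatch "/\\.(svn|git|hg|bzr)">\n' + body + "\n</DirectoryMatch>\n"


def build_sample_webroot():
    """Constructed sample tree mirroring the advisory's path (not vendor data)."""
    root = tempfile.mkdtemp(prefix="sbc-audit-")
    Path(root, ".git").mkdir()
    Path(root, ".git", "HEAD").write_text("ref: refs/heads/master\n")
    skin = Path(root, "data", "skins", "techjunkie", "fragments", "links")
    (skin / ".svn").mkdir(parents=True)
    (skin / "index.html").write_text("<!-- skin fragment -->\n")
    entries = "\n".join([
        "10",
        "",      # name: empty for the directory's own record
        "dir",
        "248",
        "http://svn.example.invalid/sbc/trunk/data/skins/techjunkie/fragments/links",
        "http://svn.example.invalid/sbc",
        "", "", "",                      # schedule, text-time, checksum
        "2010-07-27T10:00:00.000000Z",   # constructed commit date
        "248",
        "placeholder-author",
        "\x0c",
        "index.html",
        "file",
        "", "", "", "", "",
        "\x0c",
        "",
    ])
    (skin / ".svn" / "entries").write_text(entries)
    return root


if __name__ == "__main__":
    sample_root = build_sample_webroot()
    for finding in audit(sample_root):
        print(finding)
    print(apache_deny_rule(apache_24=True))
```

On a real deployment, point `audit()` at the document root instead of the constructed tree; any finding means the site was deployed as a working copy rather than an export. The DirectoryMatch rule deliberately matches more broadly than the advisory's `<Directory ~ ".svn">`, and on Apache 2.4 the `Order`/`Deny` directives are replaced by `Require all denied`.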