Rianxosencabos CMS 0.9 Arbitrary Add-Admin Vulnerability

2008.09.27
Credit: CWH
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-264


CVSS Base Score: 6.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

============================================================ Rianxosencabos CMS 0.9 Arbitrary Add-Admin Vulnerability ============================================================ AUTHOR : CWH Underground DATE : 21 September 2008 SITE : cwh.citec.us ################################################################################### APPLICATION : Rianxosencabos CMS VERSION : 0.9 DOWNLOAD : http://downloads.sourceforge.net/rsccms/rsccms.tar.gz ################################################################################### --- Add-Admin / Delete-Account Vulnerability --- ------------- Description ------------- Rianxosencabos CMS 0.9 has Vulnerability to escalate user to administartor's privilege. That Vulnerable in "http://[Target]/[rsccms_path]/?s=admin&accion=lista" and You can Arbitrary change user's permission or delete user This action will give your account can use All Admin Control Panel with Administrative's Privilege or Arbitrary Delete account in website. -------------- Exploit code -------------- [+] Log in with your account, You can register with this URL "http://[Target]/[rsccms_path]/?s=usuarios&accion=registrar" [+] Go to "http://[Target]/[rsccms_path]/?s=admin&accion=lista" [+] Now you can Change user permission or delete user account ##################################################################### Greetz : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos #####################################################################

References:

http://xforce.iss.net/xforce/xfdb/45290
http://www.securityfocus.com/bid/31296


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top