Subrion 3.X.X - Multiple Exploits

2015.10.23
Credit: bRpsd
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

{-} Title => Subrion 3.X.X - Multiple Exploits {-} Author => bRpsd (skype: vegnox) {-} Date Release => 23 October, 2015 {-} Vendor => Subrion Homepage => http://www.subrion.org/ Download => http://tools.subrion.org/get/latest.zip Vulnerable Versions => 3.X.X Tested Version => Latest, 3.3.5 on a Wamp Server. {x} Google Dork:: 1 => "© 2015 Powered by Subrion CMS" {x} Google Dork:: 2 => "Powered by Subrion CMS" -------------------------------------------------------------------------------------------------------------------------------- The installation folder never get deleted or protected unless you deleted it yourself. Which let any unauthorized user access the installation panel and ruin your website in just a few steps .. -------------------------------------------------------------------------------------------------------------------------------- ####################################################################################### Vulnerability #1 : Reset Administrator Password & Database settings Risk: High File Path: http://localhost/cms/install/install/configuration/ ####################################################################################### ####################################################################################### Vulnerability #2 : Arbitrary File Download + Full Path Disclouser Risk: Medium File Path: http://localhost/cms/install/install/download/ Method: POST Parameter (for file contents) : config_content ############################################ ########################################### Vulnerability #3 : Unauthorized Arbitrary Plugins Installer Risk: Medium File Path: http://localhost/cms/install/install/plugins/ ########################################## ** SOLUTION ** ! : Solution for all vulnerabilities is to delete the file located at: /install/modules/module.install.php H@PPY H@CK1NG !


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top