Subdreamer CMS-v3.7.1 Multi Vulnerability

2018.02.05
indoushka (DZ)
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
===================
| # Title : Subdreamer CMS-v3.7.1 Multi Vulnerability
| # Author : indoushka
| # email : indoushka4ever@gmail.com
| # Dork : Website powered by Subdreamer CMS & Sequel Theme Designed by indiqo.media
| # Tested on: win8.1 Fr V.(Pro) 23:09 * 22/05/2015
| # Download : http://www.20script.ir
===========================================================================================

Directory listing :

http://127.0.0.1/Subdreamer/admin/tiny_mce/
http://127.0.0.1/Subdreamer/admin/login/

Remote/Local File Inclusion :

C:\web\www\Subdreamer\index.php
Line : 1097
Function : include
Variables : $headerfile

Php Code Execution :

C:\web\www\Subdreamer\index.php
Line : 1616
Function : eval
Variables : $layout_arr,$layout_index

LFI :

http://127.0.0.1/Subdreamer/admin/tiny_mce/plugins/imagemanager/imagemanager.php?folderpath=****

Upload File :

C:\web\www\Subdreamer\admin\tiny_mce\plugins\imagemanager\imagemanager.php
Line : 262
Function : move_uploaded_file
Variables : $image['tmp_name'],$imagesdir,$imagesdir

Page returned by imagemanager.php (as pasted in the advisory) :

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
<title>Subdreamer CMS - Admin Panel</title>
<link rel="stylesheet" type="text/css" href="http://127.0.0.1/Subdreamer/admin/styles/flipside/css/admin.css.php" />
<style type="text/css">
#content { padding: 0; margin: 0; max-width: 850px !important; min-width: 200px !important; }
.fileentry-container, .fileentry-container-media { background-color: #FFF; border: 1px solid #c0c0c0; display: inline; float: left; margin: 10px; height: 130px; text-align: center; width: 130px; overflow: hidden; }
.fileentry, .fileentry-media { border: none; display: block; border: none; padding: 4px; min-height: 120px; text-align: center; }
.fileentry-container:hover { border: 1px solid #0000FF; }
.fileentry-container-media:hover { border: 1px solid #00FF00; }
</style>
<script type="text/javascript" src="../../tiny_mce_popup.js"></script>
<script type="text/javascript">
sdurl = "http://127.0.0.1/Subdreamer/";
function InsertImage(imagepath,img_width,img_height) {
  tinyMCE.execCommand("mceInsertContent", false, '<img src="'+imagepath+'" width="'+img_width+'" height="'+img_height+'" style="border: none" />');
  tinyMCEPopup.close();
}
</script>
</head>
<body>
<div id="content">
<!-- start section --><h1>Upload File</h1>
<div class="table_wrap">
<div class="form_wrap">
<table border="0" cellpadding="0" cellspacing="0" summary="layout" width="100%">
<tr>
<td class="td2"><strong>Upload a new image to this folder:</strong></td>
<td align="left" class="td3">
<form enctype="multipart/form-data" method="post" action="http://127.0.0.1/Subdreamer/admin/tiny_mce/plugins/imagemanager/imagemanager.php" id="upload_form">
<input type="hidden" name="action" value="uploadimage" />
<input type="hidden" name="folderpath" value="****images/" />
<input name="image" type="file" size="70" /><br />
<input type="submit" value="Upload File" />
</form>
<a href="#" onclick='javascript:window.location="http://127.0.0.1/Subdreamer/admin/tiny_mce/plugins/imagemanager/imagemanager.php?folderpath=%2A%2A%2A%2Aimages%2F&amp;action=displayimages"'>[Site Images]</a> &nbsp;
<a href="#" onclick='javascript:window.location="http://127.0.0.1/Subdreamer/admin/tiny_mce/plugins/imagemanager/imagemanager.php?folderpath=%2A%2A%2A%2Aimages%2Farticlethumbs%2F&amp;action=displayimages"'>[Articles Thumbs]</a> &nbsp;
<a href="#" onclick='javascript:window.location="http://127.0.0.1/Subdreamer/admin/tiny_mce/plugins/imagemanager/imagemanager.php?folderpath=%2A%2A%2A%2Aimages%2Ffeaturedpics%2F&amp;action=displayimages"'>[Articles Pictures]</a> &nbsp;
</td>
</tr>
</table>
</div> <!-- form_wrap -->
</div> <!-- table_wrap -->
<!-- start section --><h1>Images</h1>
<div class="table_wrap">
<div class="form_wrap">
<table border="0" cellpadding="0" cellspacing="0" summary="images" width="100%">
<tr>
<td class="td1">Folder Path: http://127.0.0.1/Subdreamer/images/</td>
</tr>
<tr>
<td class="td2" align="left" style="text-align: left">
<div class="fileentry-container"><div class="fileentry"><a href="http://127.0.0.1/Subdreamer/admin/tiny_mce/plugins/imagemanager/imagemanager.php?folderpath=****images/articlethumbs/"><img alt="Change folder" border="0" width="48" height="48" src="./img/folder.gif" /></a> <br /><a style="font-size: 10px;" href="./imagemanager.php?folderpath=****images/articlethumbs/">articlethumbs</a></div></div>
<div class="fileentry-container"><div class="fileentry"><a href="http://127.0.0.1/Subdreamer/admin/tiny_mce/plugins/imagemanager/imagemanager.php?folderpath=****images/featuredpics/"><img alt="Change folder" border="0" width="48" height="48" src="./img/folder.gif" /></a> <br /><a style="font-size: 10px;" href="./imagemanager.php?folderpath=****images/featuredpics/">featuredpics</a></div></div>
<div class="fileentry-container"><div class="fileentry"><a href="javascript:void(0);" onmousedown='InsertImage("http://127.0.0.1/Subdreamer/images/default_avatar.png",80,80);' title="default_avatar.png"><img alt="default_avatar.png" border="0" src="../../../../images/default_avatar.png" width="80" height="80" /></a></div></div>
<div class="fileentry-container"><div class="fileentry"><a href="javascript:void(0);" onmousedown='InsertImage("http://127.0.0.1/Subdreamer/images/edit.png",16,16);' title="edit.png"><img alt="edit.png" border="0" src="../../../../images/edit.png" width="16" height="16" /></a></div></div>
<div class="fileentry-container"><div class="fileentry"><a href="javascript:void(0);" onmousedown='InsertImage("http://127.0.0.1/Subdreamer/images/mail.png",16,16);' title="mail.png"><img alt="mail.png" border="0" src="../../../../images/mail.png" width="16" height="16" /></a></div></div>
<div class="fileentry-container"><div class="fileentry"><a href="javascript:void(0);" onmousedown='InsertImage("http://127.0.0.1/Subdreamer/images/ratings.gif",85,48);' title="ratings.gif"><img alt="ratings.gif" border="0" src="../../../../images/ratings.gif" width="85" height="48" /></a></div></div>
</td>
</tr>
</table>
</div> <!-- form_wrap -->
</div> <!-- table_wrap -->
</div>
</body>
</html>

Greetz :----------------------------------------------------------------------------------------
| jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic |
| ================================================================================================
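The four code-level findings above share one root cause: request data reaches include(), eval(), a directory path and move_uploaded_file() without being constrained first. The following is an added PHP hardening example, not Subdreamer's own code and not a patch for the files named above. It shows the defensive shape each of those call sites should take: an allowlist lookup instead of include($headerfile), placeholder substitution instead of eval() over layout data, realpath()-anchored resolution of folderpath, and content checks plus a server-chosen filename before move_uploaded_file(). IMAGES_BASE, HEADER_DIR, the layout allowlist, the {{name}} placeholder syntax and the handler function are all assumptions made for this example; PHP 8 is assumed for str_contains() and str_starts_with(). The directory listing finding is a web server setting rather than application code (for Apache, `Options -Indexes` on the admin tree).

```php
<?php
// Added hardening example (not Subdreamer code). Paths and allowlists below
// are constructed for illustration.
declare(strict_types=1);

const IMAGES_BASE = '/var/www/Subdreamer/images';        // assumed location
const HEADER_DIR  = '/var/www/Subdreamer/headers';       // assumed location
const ALLOWED_HEADERS = ['default', 'sequel', 'minimal']; // constructed allowlist

// Replacement for include($headerfile): the request carries a layout *name*,
// never a path, so neither local nor remote inclusion is reachable.
function headerFileFor(string $name): ?string
{
    if (!in_array($name, ALLOWED_HEADERS, true)) {
        return null;
    }
    return HEADER_DIR . '/' . $name . '.php';
}

// Replacement for eval() over layout data: the layout is selected by array
// key and rendered by substituting escaped values into {{name}} placeholders.
function renderLayout(array $layouts, string $index, array $vars): ?string
{
    if (!isset($layouts[$index])) {
        return null;
    }
    $out = preg_replace_callback(
        '/\{\{\s*([a-z_]+)\s*\}\}/i',
        static fn(array $m): string =>
            htmlspecialchars((string) ($vars[$m[1]] ?? ''), ENT_QUOTES | ENT_HTML5, 'UTF-8'),
        $layouts[$index]
    );
    return $out ?? '';
}

// Resolve a user-supplied folderpath to a directory inside IMAGES_BASE.
// realpath() collapses "..", symlinks and absolute paths; URL wrappers and
// NUL bytes are rejected up front.
function resolveImageFolder(string $folderpath): ?string
{
    if ($folderpath === '' || str_contains($folderpath, "\0")
        || preg_match('#^[a-z][a-z0-9+.-]*://#i', $folderpath)) {
        return null;
    }
    $base = realpath(IMAGES_BASE);
    $candidate = realpath(IMAGES_BASE . '/' . $folderpath);
    if ($base === false || $candidate === false || !is_dir($candidate)) {
        return null;
    }
    // Prefix check must include the separator so /images_private does not
    // pass for base /images.
    if ($candidate !== $base && !str_starts_with($candidate, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $candidate;
}

// Validate an upload before move_uploaded_file(): extension and MIME allowlist,
// a real image header, and a filename the server chooses. Returns the name
// to store under, or null to reject.
function validateImageUpload(array $file): ?string
{
    $allowed = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
                'png' => 'image/png', 'gif' => 'image/gif'];
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $ext = strtolower(pathinfo((string) $file['name'], PATHINFO_EXTENSION));
    if (!isset($allowed[$ext])) {
        return null;
    }
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime = finfo_file($finfo, $file['tmp_name']);
    finfo_close($finfo);
    if ($mime !== $allowed[$ext] || getimagesize($file['tmp_name']) === false) {
        return null;
    }
    // Never reuse the client's filename; keep only the vetted extension.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Hypothetical request handler wiring the checks together; returns the HTTP
// status to send so the logic can be exercised without a live request.
function handleImageManagerRequest(array $get, array $post, array $files): int
{
    $folder = resolveImageFolder((string) ($get['folderpath'] ?? ''));
    if ($folder === null) {
        return 400;
    }
    if (($post['action'] ?? '') === 'uploadimage' && isset($files['image'])) {
        $name = validateImageUpload($files['image']);
        if ($name === null) {
            return 415;
        }
        return move_uploaded_file($files['image']['tmp_name'], $folder . DIRECTORY_SEPARATOR . $name) ? 201 : 500;
    }
    return 200;
}

if (PHP_SAPI !== 'cli') {
    http_response_code(handleImageManagerRequest($_GET, $_POST, $_FILES));
}
```

The upload check deliberately combines three independent signals (extension, libmagic MIME type, and a parseable image header) and still discards the client's filename, since any one signal alone is routinely bypassed; serving the images directory with script execution disabled is the complementary server-side control.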


Copyright 2018, cxsecurity.com