EZCMS <= 1.2 (bSQL-Admin Byapss) Multiple Remote Vulnerabilities

2008-06-14 00:00:00

-[*]+================================================================================+[*]-
-[*]+ EZCMS <= 1.2 Multiple Remote Vulnerabilitys +[*]-
-[*]+================================================================================+[*]-



[*] Discovered By: t0pP8uZz
[*] Discovered On: 19 MAY 2008
[*] Script Download: http://eztechhelp.com
[*] DORK google/altavista: "Powered by EZCMS"



[*] Vendor Has Not Been Notified!



[*] DESCRIPTION:

EZCMS (all versions prior to date) suffers from 2 remote vulnerabilitys.

One of these being a BLIND Sql Injection in "index.php" and the "page" variable is injectable.
see example below.

The second one being a insecure filemanager, the filemanager is hidden away in admin, the devs
probarly thought no one would find it.. but here i am telling you ;)
see more below.



[*] Blind SQL Injection:

http://site.com/index.php?page=1 and 1=1
http://site.com/index.php?page=1 and 1=2



[*] Arbitrary Remote File Manager Access:

http://site.com/ezcms/admin/filemanager/



[*] NOTE/TIP:

no exploit coded for the blind injection, because no point due to you can get a easy shell
through the file manager, althou if your curious, use SQLMap. (check sourceforge)

the "File Manager" is a very easy to use bug, just browse to site.com/ezcms/admin/filemanager/
site.com being the actual site and you can upload/edit/delete/upload/move files/folders.



[*] GREETZ:

milw0rm.com, h4ck-y0u.org, CipherCrew !



[-] peace,

t0pP8uZz



-[*]+================================================================================+[*]-
-[*]+ EZCMS <= 1.2 Multiple Remote Vulnerabilitys +[*]-
-[*]+================================================================================+[*]-

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.