
BenjaCMS vX.X AuthBypass/UploadFile Vulnerabilities

Author: TUNISIAN CYBER , Published: 15-12-2013
[+] Author: TUNISIAN CYBER
[+] Exploit Title: BenjaCMS vX.X AuthBypass/UploadFile Vulnerabilities
[+] Date: 14-12-2013
[+] Category: WebApp
[+] Vendor: http://sourceforge.net/projects/benjacms/files/benjacms/
[+] Download: http://sourceforge.net/projects/benjacms/files/latest/download?source=files
[+] Google Dork: n/a
[+] Tested on: Win7 , ubuntu 13.04
[+] Friend's blog: http://na3il.wordpress.com/


########################################################################################
I/ Auth Bypass:
An attacker can easily access the admin panel without logging in:
127.0.0.1/Path/benjacms/admin

II/Upload File:
127.0.0.1/Path/benjacms/admin/upload.php
File Path:
http://127.0.0.1/benja/billeder/h4x3d.php

p0c>http://oi39.tinypic.com/2s7b4w7.jpg
http://oi41.tinypic.com/2r4lyrq.jpg

III/Fix:
No Fix until now...
########################################################################################
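
With no fix available, the two paths named above (admin/upload.php and the billeder/ upload directory) are what a defender can look for in web server access logs. The script below is an added example, not part of the original advisory or of BenjaCMS; it assumes Apache/nginx "combined" log format, and the function name, sample log lines, IP addresses and file names are constructed for illustration.

```python
import re

# Paths come from the advisory; the "combined" access-log format is an assumption.
UPLOAD_ENDPOINT = re.compile(r"/admin/upload\.php$", re.I)
UPLOAD_DIR_SCRIPT = re.compile(r"/billeder/[^/]+\.(?:php\d?|phtml|phar)$", re.I)
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_upload_abuse(lines):
    """Flag successful upload POSTs and script requests served from billeder/."""
    uploaders = set()  # client IPs that completed a POST to admin/upload.php
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line
        path = m["url"].split("?", 1)[0]  # ignore the query string
        if not m["status"].startswith("2"):
            continue  # only requests the server answered successfully
        if m["method"] == "POST" and UPLOAD_ENDPOINT.search(path):
            uploaders.add(m["ip"])
            findings.append(("upload", m["ip"], m["ts"], path))
        elif UPLOAD_DIR_SCRIPT.search(path):
            # An image directory should never serve server-side scripts.
            kind = "upload_then_script" if m["ip"] in uploaders else "script_in_upload_dir"
            findings.append((kind, m["ip"], m["ts"], path))
    return findings

# Constructed sample lines (documentation IP ranges, placeholder file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [15/Dec/2013:10:01:02 +0000] "GET /benjacms/admin/ HTTP/1.1" 200 5120 "-" "ua"',
    '198.51.100.7 - - [15/Dec/2013:10:01:40 +0000] "POST /benjacms/admin/upload.php HTTP/1.1" 200 312 "-" "ua"',
    '198.51.100.7 - - [15/Dec/2013:10:02:05 +0000] "GET /benjacms/billeder/example.php HTTP/1.1" 200 17 "-" "ua"',
    '203.0.113.9 - - [15/Dec/2013:11:00:00 +0000] "GET /benjacms/billeder/photo.jpg HTTP/1.1" 200 9000 "-" "ua"',
    '203.0.113.9 - - [15/Dec/2013:11:00:09 +0000] "GET /benjacms/billeder/example.php HTTP/1.1" 404 210 "-" "ua"',
    '203.0.113.9 - - [15/Dec/2013:11:00:30 +0000] "GET /benjacms/billeder/example.php?x=1 HTTP/1.1" 200 17 "-" "ua"',
]

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Any "upload" finding from an address that is not a known administrator, and any script hit under billeder/, warrants a review of the files in that directory.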
Greets to: XMaXtn, N43il HacK3r, XtechSEt
