Benja CMS 0.1 (Upload/XSS) Multiple Remote Vulnerabilities

===============================================================
  Benja CMS 0.1 (Upload/XSS) Multiple Remote Vulnerabilities
===============================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O   .. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /
  / XXXXXX /
 (________(
  `------'


AUTHOR : CWH Underground
DATE   : 22 June 2008
SITE   : www.citec.us


#####################################################
 APPLICATION : Benja CMS
 VERSION     : 0.1
 VENDOR      : N/A
 DOWNLOAD    : http://downloads.sourceforge.net/benjacms
#####################################################

--- Broken Authentication ---

Anonymous users can reach the administrative control panel, which allows adding and deleting menus, without logging in:
[+] http://[Target]/[benjacms_path]/admin/


--- Arbitrary File Upload ---

Upload Path:
[+] http://[Target]/[benjacms_path]/admin/upload.php

File Location (uploaded files are stored under the web root and can be requested directly):
[+] http://[Target]/[benjacms_path]/billeder/[Evil File]

***Malicious files such as a PHP shell script can be uploaded***


--- Remote XSS Exploit ---

---------
 Exploit
---------

[+] http://[Target]/[benjacms_path]/admin/admin_edit_submenu.php/
[+] http://[Target]/[benjacms_path]/admin/admin_new_submenu.php/
[+] http://[Target]/[benjacms_path]/admin/admin_edit_topmenu.php/

##################################################################
  Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos
##################################################################

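Added example (not part of the advisory and not code from Benja CMS): a small Python detector that runs over web-server access logs and flags the three conditions the advisory describes, so a defender can spot them after the fact: POSTs to admin/upload.php, requests for PHP-style scripts under the billeder/ upload directory (escalated when the same client uploaded earlier in the log), and HTML markers in the path or query of the three admin menu editors. The log lines, client addresses, file names and the /benjacms/ install path are constructed for the example; that the server executes a .php file placed under billeder/ is an assumption about a default PHP setup.

```python
"""Access-log detection for the three Benja CMS 0.1 issues (added example, constructed data)."""
import re
from urllib.parse import unquote

# Apache/nginx "combined" log format; only the fields the checks need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Extensions a default PHP handler would execute (assumption about server config).
SCRIPT_EXT = re.compile(r"\.(php|php[3-7]|phtml|phar)$", re.IGNORECASE)
# Crude reflected-XSS markers once the request target is percent-decoded.
XSS_MARKER = re.compile(r"<|javascript:|onerror=|onload=", re.IGNORECASE)
# The three admin pages the advisory names as XSS sinks.
MENU_EDITORS = ("admin_edit_submenu.php", "admin_new_submenu.php", "admin_edit_topmenu.php")

# Constructed sample log (hypothetical install path /benjacms/, documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.5 - - [22/Jun/2008:10:00:01 +0000] "GET /benjacms/admin/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [22/Jun/2008:10:00:09 +0000] "POST /benjacms/admin/upload.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [22/Jun/2008:10:00:15 +0000] "GET /benjacms/billeder/c.php HTTP/1.1" 200 87 "-" "Mozilla/5.0"
198.51.100.7 - - [22/Jun/2008:10:01:00 +0000] "GET /benjacms/billeder/logo.png HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.5 - - [22/Jun/2008:10:02:00 +0000] "GET /benjacms/admin/admin_edit_submenu.php/%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return the captured fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def detect(lines):
    """Return (ip, kind, target) findings in log order.

    kinds: admin-upload, script-in-upload-dir, script-exec-after-upload, xss-probe
    """
    findings = []
    uploaders = set()  # clients that POSTed to admin/upload.php earlier in the log
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        ip, method, target = rec["ip"], rec["method"], rec["target"]
        path, _, query = target.partition("?")
        decoded = unquote(target)

        # 1. Upload endpoint used (the advisory notes it is reachable without authentication).
        if method == "POST" and path.endswith("/admin/upload.php"):
            uploaders.add(ip)
            findings.append((ip, "admin-upload", target))

        # 2. A script, not an image, requested from the upload directory.
        if "/billeder/" in path and SCRIPT_EXT.search(path):
            kind = "script-exec-after-upload" if ip in uploaders else "script-in-upload-dir"
            findings.append((ip, kind, target))

        # 3. HTML/JS markers aimed at one of the three menu-editor pages.
        if any(f"/admin/{name}" in path for name in MENU_EDITORS) and XSS_MARKER.search(decoded):
            findings.append((ip, "xss-probe", target))
    return findings


if __name__ == "__main__":
    for ip, kind, target in detect(SAMPLE_LOG.splitlines()):
        print(f"{kind:26} {ip:15} {target}")
```

The "script-exec-after-upload" kind is the one worth paging on: it pairs an upload with a later request for executable content from the same client, which is exactly the sequence a web shell drop produces. Requests for scripts under billeder/ from any client are still worth a look, since a file uploaded by one address is often fetched from another.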