# Exploit Title: Multiple Vulnerability xEpan 1.0.4# Google Dork: not yet# Date: 2014-11-27# Exploit Author: Parikesit , Kurawa In Disorder# Vendor Homepage: http://xepan.org# Software Link: http://www.xepan.org/index.php?subpage=download# Version: 1.0.4# Tested on: Windows 7 Ultimate# Vulnerability Type: File Upload# Risk Level: High# Solution Status: Not Fixed# Discovered and Provided: Kurawa In Disorder ( http://kurawa.indonesianbacktrack.or.id ) , Indonesian Backtrack Team ( http://indonesianbacktrack.or.id )-----------------------------------------------------------------------------------------------
Advisory Details:
xEpan have elfinder which can exploited to upload a backdoor
1.) vulnerable page : http://target/elfinder/elfinder.html
Just upload your php backdoor
and acess there http://target/elfinder/files/<backdoor_name>2.) leak database information : http://target/install.sql
after installation the script not remove the .sql file it's can be danger
3.) important file, like ftp password stored in a public file: http://target/ftpsync.settings
very danger , how to prevent just use a private privilages or delete the file4.) weak password used : http://target/index.php?page=owner_dashboard
admin:admin ...:o
-----------------------------------------------------------------------------------------------
