xEpan 1.0.4 – Multiple Vulnerabilities

• Exploit Database
• 47 阅读

• 作者： Parikesit , Kurawa
  日期： 2014-11-28
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/35396/

• # Exploit Title: Multiple Vulnerability xEpan 1.0.4
  # Google Dork: not yet
  # Date: 2014-11-27
  # Exploit Author: Parikesit , Kurawa In Disorder
  # Vendor Homepage: http://xepan.org
  # Software Link: http://www.xepan.org/index.php?subpage=download
  # Version: 1.0.4
  # Tested on: Windows 7 Ultimate
  # Vulnerability Type: File Upload
  # Risk Level: High
  # Solution Status: Not Fixed
  # Discovered and Provided: Kurawa In Disorder ( http://kurawa.indonesianbacktrack.or.id ) , Indonesian Backtrack Team ( http://indonesianbacktrack.or.id )
  
  -----------------------------------------------------------------------------------------------
  
  Advisory Details:
  
  xEpan have elfinder which can exploited to upload a backdoor
  
  1.) vulnerable page : http://target/elfinder/elfinder.html
  Just upload your php backdoor 
  and acess there http://target/elfinder/files/<backdoor_name>
  
  2.) leak database information : http://target/install.sql
  after installation the script not remove the .sql file it's can be danger
  
  3.) important file , like ftp password stored in a public file : http://target/ftpsync.settings
  very danger , how to prevent just use a private privilages or delete the file
  
  4.) weak password used : http://target/index.php?page=owner_dashboard
  admin:admin ... :o 
  
  -----------------------------------------------------------------------------------------------