Kentico CMS 7.0.75 – User Information Disclosure

• Exploit Database
• 10 阅读

• 作者： Charlie Campbell & Lyndon Mendoza
  日期： 2014-03-10
• 类别：

  • webapps
  平台：

  • asp
• 来源：https://www.exploit-db.com/exploits/32157/

• # Exploit Title: Kentico CMS User Enumeration Bug
  # Google Dork: inurl:/CMSPages/logon.aspx <-- enumerates several Kentico
  CMS sites
  # Date: 02-25-2014
  # Exploit Author: Charlie Campbell and Lyndon Mendoza
  # Vendor Homepage: http://www.kentico.com/
  # Software Link: http://www.kentico.com/Download-Demo/Trial-Version
  # Version: [Version 7.0.75 and previous versions]
  
  This vulnerability is an unprotected page on the site where you can view
  all current users and usernames.
  To find out if a Kentico CMS is vulnerable go to
  
  http://site.com/CMSModules/Messaging/CMSPages/PublicMessageUserSelector.aspx
  
  assuming that the Kentico CMS was installed to the root folder in the
  server.
  
  I have already notified the authors and security team for Kentico CMS, in
  their response they claimed they would issue a patch on 02-21-2014.