'Sistem Biwes Multiple Vulnerability'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Sistem Biwes Multiple Vulnerability
From:       admin () eidelweiss ! info
Date:       2012-08-29 15:28:14
Message-ID: 201208291528.q7TFSEmf029042 () sf01web3 ! securityfocus ! com
[Download RAW message or body]

===================================================================
		Sistem Biwes Multiple Vulnerability
===================================================================

Author: eidelweiss (@randyarios)
Product / software: SISTEM BIWES
Vendor Site: http://sistembiwes.com/
Product Price: RM240 / year


Product Description:
 
Sistem Bina Website Sendiri(Biwes)
Sistem Bina Website Sendiri atau lebih dikenali dengan nama Sistem Biwes adalah \
sistem bina website sendiri berkonsepkan DIY(Do It Yourself). Ia memberi peluang \
kepada mereka yang ingin mengendalikan website sendiri tetapi tidak mempunyai \
pengetahuan tentang website.

Cara penggunaannya iaitu anda masukkan kandungan website, sistem secara automatik \
akan mencipta menu bagi page baru. Bagi website e-commerce pula sistem ini \
digabungkan dengan sistem shopping cart dan sistem pembayaran.

Sistem ini sesuai untuk produk digital ataupun fizikal. Bilangan produk yang sedikit \
ataupun bilangan produk yang banyak

===================================================================

Vulnerability:
Due to improper input sanitation, parameters are prone to SQL injection, Dir Listing
and Full Path Disclosure Vulnerability.

p0c 1: SQL Injection
Page: index.php
Vulnerable param: 'produkId'
http://host/index.php?c=[valid num]&a=cartM2&produkId=[inject here]

p0c 3: Full Path Disclosure (FPD)
path: multiple
page: multiple


Demo:
http://host/webs/admin/index.php

Warning: require_once(form_login.php) [function.require-once]: failed to open stream: \
No such file or directory in /home/[TARGET]/public_html/webs/admin/index.php on line \
21

Fatal error: require_once() [function.require]: Failed opening required \
'form_login.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in \
/home/[TARGET]/public_html/webs/admin/index.php on line 21

And many other path also vuln.

===================================================================
   
==========================| -=[ E0F ]=- |==========================


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic