[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [FD] Classic Infomedia (Login) - Auth Bypass Web Vulnerability
From: Vulnerability Lab <research () vulnerability-lab ! com>
Date: 2016-01-27 14:27:24
Message-ID: 56A8D3CC.4060805 () vulnerability-lab ! com
[Download RAW message or body]
Document Title:
===============
Classic Infomedia (Login) - Auth Bypass Web Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1679
Release Date:
=============
2016-01-25
Vulnerability Laboratory ID (VL-ID):
====================================
1679
Common Vulnerability Scoring System:
====================================
9.1
Product & Service Introduction:
===============================
CLASSIC INFOMEDIA PRIVATE LIMITED, was incorporated as a Private Limited Company in 2010 with \
the objective of providing quality service in the field of Information Technology. The people \
who have created CLASSIC INFOMEDIA have collective decades of experience in creating websites \
and managing job and matrimonial portals. In addition to these, they are also involved in the \
domain registration, web development and web hoisting. CLASSIC INFOMEDIA has a highly \
experienced and well trained group of international IT professionals who are striving to \
understand changing customer needs, and enrich their quality of life by simply making the \
technology readily usable for them.
(Copy of the Vendor Homepage: http://www.classicinfomedia.com/ )
Abstract Advisory Information:
==============================
An independent vulnerability laboratory research group discovered an auth bypass (pre-auth) web \
vulnerability in the official Classic Infomedia (Login) CMS (2016-Q1).
Vulnerability Disclosure Timeline:
==================================
2016-01-25: Public Disclosure (Vulnerability Laboratory)
Discovery Status:
=================
Published
Affected Product(s):
====================
Classic Infomedia
Product: Classic Infomedia - CMS (Web-Application) 2016 Q1
Exploitation Technique:
=======================
Remote
Severity Level:
===============
Critical
Technical Details & Description:
================================
A classic auth bypass web vulnerability has been discovered in the official Classic Infomedia \
(Login) CMS (2016-Q1). The web vulnerability allows to bypass the login mechanism that protects \
the web-application from unauthorized access.
The vulnerability is located in the adminlogin page that is linked with the index.php file. \
Remote attackers are able to inject own malicious strings to bypass the login authentification \
mechanism. The request method is POST and the attack vector of the issue is located on the \
application-side of the web-application. The vulnerability is a classic auth bypass \
vulnerability.
The security risk of the auth bypass vulnerability is estimated as critical with a cvss (common \
vulnerability scoring system) count of 9.1. Exploitation of the remote login auth bypass web \
vulnerability requires no user interaction or privileged web-application user account. \
Successful exploitation of the auth bypass vulnerability results in database management system, \
web-server and web-application compromise.
Request Method(s):
[+] GET
Vulnerable Module(s):
[+] Login (Admin)
Vulnerable File(s):
[+] index.php
Vulnerable Parameter(s):
[+] page=adminlogin
Proof of Concept (PoC):
=======================
The auth bypass vulnerability can be exploited by remote attackers without privileged \
web-application user account or user interaction. For security demonstration or to reproduce \
the vulnerability follow the provided information and steps below to continue.
Dork(s):
intext:"Powered and Maintained by Classic Infomedia"
Login Pages:
http://www.site.com/admin/login.php
http://www.site.com/index.php?page=adminlogin
PoC: Auth Bypass (Input)
Username : 'or''='
Password : 'or''='
PoC: Demos
http://www.jobstogofor.com/admin/login.php
http://www.numbersmiracle.com/index.php?page=adminlogin
Security Risk:
==============
The security risk of the remote sql injection web vulnerability in the web-application is \
estimated as high. (CVSS 9.1)
Credits & Authors:
==================
Iran Cyber Security Group - 0x3a (ICG SEC) [Iran-Cyber.Net]
Thanks To : root3r | MOHAMAD-NOFOZI | KamraN HellisH | JOK3R | Pi.Hack | CRY$I$ BL4CK | WH!T3 \
W01F | And All Members Of Iran-Cyber.Net
Disclaimer & Information:
=========================
The information provided in this advisory is provided as it is without any warranty. \
Vulnerability Lab disclaims all warranties, either expressed or implied, including the \
warranties of merchantability and capability for a particular purpose. Vulnerability-Lab or its \
suppliers are not liable in any case of damage, including direct, indirect, incidental, \
consequential loss of business profits or special damages, even if Vulnerability-Lab or its \
suppliers have been advised of the possibility of such damages. Some states do not allow the \
exclusion or limitation of liability for consequential or incidental damages so the foregoing \
limitation may not apply. We do not approve or encourage anybody to break any vendor licenses, \
policies, deface websites, hack into databases or trade with fraud/stolen material.
Domains: www.vulnerability-lab.com - www.vuln-lab.com - www.evolution-sec.com
Contact: admin@vulnerability-lab.com - research@vulnerability-lab.com - \
admin@evolution-sec.com
Section: magazine.vulnerability-db.com - vulnerability-lab.com/contact.php - \
evolution-sec.com/contact
Social: twitter.com/#!/vuln_lab - facebook.com/VulnerabilityLab - \
youtube.com/user/vulnerability0lab
Feeds: vulnerability-lab.com/rss/rss.php - vulnerability-lab.com/rss/rss_upcoming.php - \
vulnerability-lab.com/rss/rss_news.php
Programs: vulnerability-lab.com/submit.php - \
vulnerability-lab.com/list-of-bug-bounty-programs.php - vulnerability-lab.com/register/
Any modified copy or reproduction, including partially usages, of this file requires \
authorization from Vulnerability Laboratory. Permission to electronically redistribute this \
alert in its unmodified form is granted. All other rights, including the use of other media, \
are reserved by Vulnerability-Lab Research Team or its suppliers. All pictures, texts, \
advisories, source code, videos and other information on this website is trademark of \
vulnerability-lab team & the specific authors or managers. To record, list (feed), modify, use \
or edit our material contact (admin@vulnerability-lab.com or research@vulnerability-lab.com) \
to get a permission.
Copyright © 2016 | Vulnerability Laboratory - [Evolution Security GmbH]â„¢
--
VULNERABILITY LABORATORY - RESEARCH TEAM
SERVICE: www.vulnerability-lab.com
CONTACT: research@vulnerability-lab.com
PGP KEY: http://www.vulnerability-lab.com/keys/admin@vulnerability-lab.com%280x198E9928%29.txt
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic