Subrion 3.X.X - Multiple Exploits

vendor:

Subrion CMS

by:

bRpsd

5,5

CVSS

MEDIUM

Reset Administrator Password & Database settings, Arbitrary File Download + Full Path Disclouser, Unauthorized Arbitrary Plugins Installer

N/A

CWE

Product Name: Subrion CMS

Affected Version From: 3.X.X

Affected Version To: 3.3.5

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Wamp Server

2015

Subrion 3.X.X – Multiple Exploits

The installation folder never get deleted or protected unless you deleted it yourself, which let any unauthorized user access the installation panel and ruin your website in just a few steps.

Mitigation:

Delete the file located at: /install/modules/module.installdata.php

Source

Exploit-DB raw data:

{-} Title => Subrion 3.X.X - Multiple Exploits

{-} Author => bRpsd (skype: vegnox)

{-} Date Release => 23 October, 2015


{-} Vendor => Subrion
    Homepage => http://www.subrion.org/
	Download => http://tools.subrion.org/get/latest.zip
	Vulnerable Versions => 3.X.X
	Tested Version => Latest, 3.3.5 on a Wamp Server.

{x} Google Dork:: 1 => "Â© 2015 Powered by Subrion CMS"
{x} Google Dork:: 2 => "Powered by Subrion CMS"

--------------------------------------------------------------------------------------------------------------------------------
The installation folder never get deleted or protected unless you deleted it yourself.
Which let any unauthorized user access the installation panel and ruin your website in just a few steps ..
--------------------------------------------------------------------------------------------------------------------------------


#######################################################################################
Vulnerability #1 : Reset Administrator Password & Database settings
Risk: High
File Path: http://localhost/cms/install/install/configuration/
#######################################################################################



#######################################################################################
Vulnerability #2 : Arbitrary File Download + Full Path Disclouser 
Risk: Medium
File Path: http://localhost/cms/install/install/download/
Method: POST
Parameter (for file contents) : config_content
#######################################################################################


#######################################################################################
Vulnerability #3 : Unauthorized Arbitrary Plugins Installer 
Risk: Medium
File Path: http://localhost/cms/install/install/plugins/
#######################################################################################


** SOLUTION ** ! :
Solution for all vulnerabilities is to delete the file located at:
/install/modules/module.install.php


H@PPY H@CK1NG !