Vendor: xEpan
By: Parikesit, Kurawa In Disorder
CVSS: 7,5 (HIGH)
Vulnerability Type: File Upload
CWE: N/A
Product Name: xEpan
Affected Version From: 1.0.4
Affected Version To: 1.0.4
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 Ultimate
2014

Multiple Vulnerability xEpan 1.0.4

xEpan ships with elFinder, which can be exploited to upload a backdoor. The vulnerable page is http://target/elfinder/elfinder.html; an uploaded PHP backdoor is then accessible at http://target/elfinder/files/<backdoor_name>. Database information can be leaked from http://target/install.sql. Important files, such as the FTP password, are stored in a public file, http://target/ftpsync.settings. A weak password is used at http://target/index.php?page=owner_dashboard: admin:admin.

Mitigation:

Make the file private (restrict its access privileges) or delete it.
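
The check below is an added example, not part of the original advisory or of xEpan's code: it audits a local xEpan web root for the leftover files the advisory names and for server-side scripts sitting in the elFinder upload directory. It assumes the advisory's URL paths map directly onto the web root; the extension list and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Paths taken from the advisory's URLs; assumed to map 1:1 onto the web root.
EXPOSED_FILES = {
    "install.sql": "database dump left behind after installation",
    "ftpsync.settings": "FTP credentials stored in a web-readable file",
    "elfinder/elfinder.html": "elFinder file manager page present in the web root",
}
UPLOAD_DIR = "elfinder/files"
# Extensions a PHP-enabled server commonly executes (assumed list; match your handler config).
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".phar"}


def audit_webroot(webroot):
    """Return a sorted list of (relative_path, reason) findings for an xEpan web root."""
    findings = []
    for rel, reason in EXPOSED_FILES.items():
        if os.path.isfile(os.path.join(webroot, *rel.split("/"))):
            findings.append((rel, reason))
    upload_root = os.path.join(webroot, *UPLOAD_DIR.split("/"))
    # os.walk yields nothing if the upload directory does not exist.
    for dirpath, _dirs, files in os.walk(upload_root):
        for name in files:
            # Case-insensitive match: on Windows hosts ".PHP" is served like ".php".
            if os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, webroot).replace(os.sep, "/")
                findings.append((rel, "server-side script inside the elFinder upload directory"))
    return sorted(findings)


def build_sample_webroot():
    """Constructed sample tree in a temp directory, laid out like the advisory describes."""
    root = tempfile.mkdtemp(prefix="xepan_sample_")
    for rel in ("install.sql", "ftpsync.settings", "elfinder/elfinder.html",
                "elfinder/files/logo.png", "elfinder/files/notes.PHP", "index.php"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    return root


if __name__ == "__main__":
    for rel, reason in audit_webroot(build_sample_webroot()):
        print(f"[!] {rel}: {reason}")
```

Point `audit_webroot()` at the real installation directory; the admin:admin default on the owner dashboard is not covered by this file check and has to be changed separately.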

Exploit-DB raw data:

# Exploit Title: Multiple Vulnerability xEpan 1.0.4
# Google Dork: not yet
# Date: 2014-11-27
# Exploit Author: Parikesit , Kurawa In Disorder
# Vendor Homepage: http://xepan.org
# Software Link: http://www.xepan.org/index.php?subpage=download
# Version: 1.0.4
# Tested on: Windows 7 Ultimate
# Vulnerability Type: File Upload
# Risk Level: High
# Solution Status: Not Fixed
# Discovered and Provided: Kurawa In Disorder ( http://kurawa.indonesianbacktrack.or.id ) , Indonesian Backtrack Team ( http://indonesianbacktrack.or.id )

-----------------------------------------------------------------------------------------------

Advisory Details:

xEpan has elFinder, which can be exploited to upload a backdoor

1.) Vulnerable page: http://target/elfinder/elfinder.html
Just upload your PHP backdoor
and access it at http://target/elfinder/files/<backdoor_name>

2.) Leaked database information: http://target/install.sql
After installation the script does not remove the .sql file; it can be dangerous.

3.) Important files, like the FTP password, are stored in a public file: http://target/ftpsync.settings
Very dangerous. To prevent it, just use private privileges or delete the file.

4.) weak password used : http://target/index.php?page=owner_dashboard
admin:admin ... :o 

-----------------------------------------------------------------------------------------------