Share Multiple Vulnerability xEpan 1.0.4
Indonesian Back|Track Team (https://www.indonesianbacktrack.or.id/forum)

Multiple Vulnerability xEpan 1.0.4 - abdilahrf - 11-27-2014

# Exploit Title: Multiple Vulnerability xEpan 1.0.4
# Google Dork: not yet
# Date: 2014-11-27
# Exploit Author: Parikesit , Kurawa In Disorder
# Vendor Homepage: http://xepan.org
# Software Link: http://www.xepan.org/index.php?subpage=download
# Version: 1.0.4
# Tested on: Windows 7 Ultimate
# Vulnerability Type: File Upload
# Risk Level: High
# Solution Status: Not Fixed
# Discovered and Provided: Kurawa In Disorder ( http://kurawa.indonesianbacktrack.or.id ) , Indonesian Backtrack Team ( http://indonesianbacktrack.or.id )
-----------------------------------------------------------------------------------------------
Advisory Details:

xEpan has elFinder, which can be exploited to upload a backdoor.

1.) vulnerable page : http://target/elfinder/elfinder.html
Just upload your PHP backdoor and access it at http://target/elfinder/files/<backdoor_name>

2.) leak database information : http://target/install.sql
After installation the script does not remove the .sql file, which can be dangerous.

3.) important file, like the FTP password, stored in a public file : http://target/ftpsync.settings
Very dangerous. To prevent it, just use private privileges or delete the file.

4.) weak password used : http://target/index.php?page=owner_dashboard
admin:admin ...
:o
-----------------------------------------------------------------------------------------------
http://www.hasnydes.us/2014/11/multiple-vulnerability-xepan-1-0-4/
http://1337day.com/exploit/22965
http://www.exploit-db.com/exploits/35396/

RE: Multiple Vulnerability xEpan 1.0.4 - Kresna - 11-28-2014

(11-27-2014, 07:10 PM)abdilahrf Wrote: # Exploit Title: Multiple Vulnerability xEpan 1.0.4

Wow, nice, there's a new exploit.

RE: Multiple Vulnerability xEpan 1.0.4 - x_code - 11-30-2014

dork : allinurl:/elfinder/elfinder
that's a junk dork ...ahahaahahah

RE: Multiple Vulnerability xEpan 1.0.4 - abdilahrf - 12-04-2014

Published
http://1337day.com/exploit/22965
http://www.exploit-db.com/exploits/35396/

RE: Multiple Vulnerability xEpan 1.0.4 - cyberking - 12-04-2014

nice )
dork:
inurl:elfinder.html
inurl:/elfinder/elfinder.html+intitle:"elFinder 2.0"
inurl:ckeditor/elfinder/elfinder.html
inurl:ckeditor/elfinder/elfinder.html+intitle:"elFinder"
etc., just build on them )
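
A local check for the file-based items of the advisory (1 to 3), added here as an example that is not part of the original thread or of xEpan's code: pointed at the web root of your own install, it reports a leftover install.sql or ftpsync.settings, the elFinder page, and script files sitting under elfinder/files. The function names, the extension list and the sample tree are assumptions made for this example; the default admin:admin login (item 4) cannot be checked from the filesystem and is not covered.

```python
import os
import tempfile

# Paths relative to the web root, as named in the advisory.
LEFTOVER_FILES = ("install.sql", "ftpsync.settings")
ELFINDER_UI = os.path.join("elfinder", "elfinder.html")
ELFINDER_UPLOADS = os.path.join("elfinder", "files")
# Assumption: extensions the web server would hand to the PHP interpreter.
SCRIPT_EXTS = (".php", ".phtml", ".php5", ".phar")


def audit_webroot(root):
    """Return sorted (issue, relative_path) findings for one xEpan install."""
    findings = []
    for name in LEFTOVER_FILES:
        if os.path.isfile(os.path.join(root, name)):
            findings.append(("sensitive file inside web root", name))
    if os.path.isfile(os.path.join(root, ELFINDER_UI)):
        findings.append(("elFinder file manager present in web root", ELFINDER_UI))
    uploads = os.path.join(root, ELFINDER_UPLOADS)
    for dirpath, _dirs, files in os.walk(uploads):
        for fname in files:
            # Check every extension component so "x.PHP.jpg" is flagged too.
            parts = fname.lower().split(".")[1:]
            if any("." + p in SCRIPT_EXTS for p in parts):
                rel = os.path.relpath(os.path.join(dirpath, fname), root)
                findings.append(("script file in upload directory", rel))
    return sorted(findings)


def build_sample(root):
    """Constructed sample tree: a leftover dump, elFinder, one uploaded script."""
    os.makedirs(os.path.join(root, "elfinder", "files", "img"))
    for rel in ("install.sql", ELFINDER_UI,
                os.path.join(ELFINDER_UPLOADS, "logo.png"),
                os.path.join(ELFINDER_UPLOADS, "img", "x.PHP.jpg")):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed sample\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for issue, rel in audit_webroot(tmp):
            print(f"{issue}: {rel}")
```

Any finding means the file or directory should be deleted or moved out of the served tree, which is the remedy the advisory itself gives for ftpsync.settings.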