|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Cutenews 1.4.5 |
|
Posted: Mon Dec 17, 2007 5:17 pm |
|
|
astropi |
Regular user |
|
|
Joined: Nov 21, 2007 |
Posts: 20 |
|
|
|
|
|
|
|
Does someone know any valuable exploit for cutenews 1.4.5. If you know an admin password has exploit, it would be more then perfect...
hope that my message isn't gonna be empty, i have searched all over the net and i didn't find an usable exploit to cutenews. If someone does know any one that is valuable i would pray him good life until his death.
Cutenews 1.4.5 exploit. I know that there is an exploit for 1.4.1 but for 1.4.5 there is just low security problems, if someone was knowing an usable exploit please help, it's really urgent... |
|
|
|
|
Posted: Mon Dec 17, 2007 10:14 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
CuteNews contains very insecure php code. Right now i'm looking at source and see lots of opportunities for attacks. Maybe some security advisory by me will be out in near future, who knows ... |
|
|
|
|
Posted: Tue Dec 18, 2007 2:55 am |
|
|
astropi |
Regular user |
|
|
Joined: Nov 21, 2007 |
Posts: 20 |
|
|
|
|
|
|
|
waraxe wrote: | CuteNews contains very insecure php code. Right now i'm looking at source and see lots of opportunities for attacks. Maybe some security advisory by me will be out in near future, who knows ... |
hmm, is ther any possible admin password hash, it would be so nice. If i beg to the death will do something for cutenews.... |
|
|
|
|
|
|
|
|
Posted: Wed Dec 19, 2007 6:35 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
astropi wrote: | waraxe wrote: | CuteNews contains very insecure php code. Right now i'm looking at source and see lots of opportunities for attacks. Maybe some security advisory by me will be out in near future, who knows ... |
hmm, is ther any possible admin password hash, it would be so nice. If i beg to the death will do something for cutenews.... |
Right now i have written two exploit scripts - one of them "cuteuser.php" is capable of enumerating of all CuteNews usernames and other exploit - "cutemd5.php" can fetch md5 hash for specified user. Furthermore - hash can be cracked in most cases, because salting is not used. Even better - by using cookie manipulation - auhentication can be done without even cracking md5 hash. And as it's not bad enough - in case of admin's account compromise - arbitrary php code can be inserterted to templates and bingo - you have php shell backdoor!
So shortly speaking - in most cases attack from zero knowledge to php shell will take time about some minutes maybe
Righ now i'm tweaking exploit scripts and preparing advisory. So stay in touch till they will be publicly available. Hopefully within next few days |
|
|
|
|
|
|
|
|
Posted: Wed Dec 19, 2007 9:07 pm |
|
|
astropi |
Regular user |
|
|
Joined: Nov 21, 2007 |
Posts: 20 |
|
|
|
|
|
|
|
WOW waraxe you are always my god.
If you never finish them don't forget to send them to me. I will be more then happy to be a beta tester... |
|
|
|
|
Posted: Wed Dec 19, 2007 9:08 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
astropi wrote: | WOW waraxe you are always my god.
If you never finish them don't forget to send them to me. I will be more then happy to be a beta tester... |
Exploits will be publicly available very soon |
|
|
|
|
Posted: Thu Dec 20, 2007 2:07 pm |
|
|
astropi |
Regular user |
|
|
Joined: Nov 21, 2007 |
Posts: 20 |
|
|
|
|
|
|
|
waraxe wrote: | astropi wrote: | WOW waraxe you are always my god.
If you never finish them don't forget to send them to me. I will be more then happy to be a beta tester... |
Exploits will be publicly available very soon |
By very soon do you mean, couple of hours(lol). days, months....
Give me a clue master, i am very impatient, i will die for this script.... |
|
|
|
|
Posted: Thu Dec 20, 2007 2:32 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Tomorrow maybe. But you can send me PM with target needed - and therefore i can test if it works. |
|
|
|
|
Posted: Thu Dec 20, 2007 3:05 pm |
|
|
astropi |
Regular user |
|
|
Joined: Nov 21, 2007 |
Posts: 20 |
|
|
|
|
|
|
|
waraxe wrote: | Tomorrow maybe. But you can send me PM with target needed - and therefore i can test if it works. |
no problem, i have sent you a pm. |
|
|
|
|
Posted: Thu Dec 20, 2007 3:51 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
So i have been testing my exploit scripts against various CuteNews versions and even old 1.3.1 is exploitable. Tests against 1.1 failed. |
|
|
|
|
Posted: Thu Dec 20, 2007 5:14 pm |
|
|
astropi |
Regular user |
|
|
Joined: Nov 21, 2007 |
Posts: 20 |
|
|
|
|
|
|
|
waraxe wrote: | So i have been testing my exploit scripts against various CuteNews versions and even old 1.3.1 is exploitable. Tests against 1.1 failed. |
well as long as it work on 1.4.5 this is what matter the most... Please waraxe, i think that i desserve having the script in premier.....
Nice work buddy you are always a GOd
Edit:oh my god, it's not even a double post, it's a triple post.....
No seriously, you are driving us insane waraxe....
edit2:We are tomorrow, yessssss!!!!!!!!!
Waiting for your magics Master Waraxe.......
-Dont double/triple post- -Sm0ke- |
|
|
|
|
Posted: Fri Dec 21, 2007 1:34 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
Do you have php CLI ready? Because you need it for running these exploits. What platform you use? Windows? Linux? |
|
|
|
|
Posted: Fri Dec 21, 2007 1:55 pm |
|
|
astropi |
Regular user |
|
|
Joined: Nov 21, 2007 |
Posts: 20 |
|
|
|
|
|
|
|
waraxe wrote: | Do you have php CLI ready? Because you need it for running these exploits. What platform you use? Windows? Linux? |
both Window and Linux and yes, i have CLI ready...
I also have a webserver.... |
|
|
|
|
Posted: Fri Dec 21, 2007 2:02 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
You want testing? And can't wait till exploits public release??
Do you have target's username known? I can send you betaversion of "cutemd5.php", but exact username must be known! |
|
|
|
|
Posted: Fri Dec 21, 2007 2:03 pm |
|
|
astropi |
Regular user |
|
|
Joined: Nov 21, 2007 |
Posts: 20 |
|
|
|
|
|
|
|
waraxe wrote: | You want testing? And can't wait till exploits public release??
Do you have target's username known? I can send you betaversion of "cutemd5.php", but exact username must be known! |
hmm, i can do beta testing, i know some username of my targets. It would be a pleasure.
Do you see how I am addicted, i replyed 1 minute after you, lol |
|
|
|
|
www.waraxe.us Forum Index -> All other software
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 2
Goto page 1, 2Next
|
|
|
|
|
|
Powered by phpBB � 2001-2008 phpBB Group
|
|
|
|
|