==============================================================

  Benja CMS 0.1 (Upload/XSS) Multiple Remote Vulnerabilities

==============================================================


  ,--^----------,--------,-----,-------^--,

  | |||||||||   `--------'     |          O     .. CWH Underground Hacking Team ..

  `+---------------------------^----------|

    `\_,-------, _________________________|

      / XXXXXX /`|     /

     / XXXXXX /  `\   /

    / XXXXXX /\______(

   / XXXXXX /           

  / XXXXXX /

 (________(             

  `------'



AUTHOR : CWH Underground

DATE   : 22 June 2008

SITE   : www.citec.us



#####################################################

 APPLICATION : Benja CMS

 VERSION     : 0.1

 VENDOR      : N/A

 DOWNLOAD    : http://downloads.sourceforge.net/benjacms

#####################################################


--- Broken Authentication ---


Anonymous users can access the administrative controls, which can add/delete menus

[+] http://[Target]/[benjacms_path]/admin/



--- Arbitrary File upload ---


Upload Path:

[+] http://[Target]/[benjacms_path]/admin/upload.php


File Location:

[+] http://[Target]/[benjacms_path]/billeder/[Evil File]


***Malicious files, such as a PHP shell script, can be uploaded***



--- Remote XSS Exploit ---


---------

 Exploit

---------


[+] http://[Target]/[benjacms_path]/admin/admin_edit_submenu.php/<XSS>

[+] http://[Target]/[benjacms_path]/admin/admin_new_submenu.php/<XSS>

[+] http://[Target]/[benjacms_path]/admin/admin_edit_topmenu.php/<XSS>
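
Added example (not part of the original advisory): a defender-side check that scans web-server access logs for requests touching the paths listed above, namely POSTs to admin/upload.php, script-type files requested from billeder/, and markup appended as path info to the three admin scripts. The /benja install path, the sample log lines and the script-extension list are constructed assumptions.

```python
import re
from urllib.parse import unquote

# Request part of a combined-format access-log line: "METHOD path HTTP/x" status
REQ = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Extensions a PHP host commonly executes (assumed list; adjust per server config).
SCRIPT_EXT = re.compile(r'\.(php\d?|phtml|phar)(?:$|[/?.])', re.I)
# The three admin scripts named in the advisory, followed by extra path info.
XSS_SCRIPTS = re.compile(
    r'/admin/admin_(?:edit_submenu|new_submenu|edit_topmenu)\.php/(?P<extra>.+)', re.I)

def classify(line):
    """Return the list of finding labels for one access-log line."""
    m = REQ.search(line)
    if not m:
        return []
    path = unquote(unquote(m['path']))  # decode twice to catch double encoding
    findings = []
    # Any POST to the upload handler is worth reviewing: the advisory reports
    # the admin area is reachable without authentication.
    if m['method'] == 'POST' and re.search(r'/admin/upload\.php(?:$|[/?])', path, re.I):
        findings.append('upload-post')
    # The upload directory should only ever serve static files.
    b = re.search(r'/billeder/([^?]*)', path, re.I)
    if b and SCRIPT_EXT.search(b.group(1)):
        findings.append('script-in-billeder')
    # Markup characters in the path info of the affected admin scripts.
    x = XSS_SCRIPTS.search(path)
    if x and re.search(r'[<>"\']', x['extra']):
        findings.append('markup-in-path-info')
    return findings

def scan(lines):
    """Map line index -> findings, for lines with at least one finding."""
    return {i: f for i, line in enumerate(lines) if (f := classify(line))}

# Constructed sample log lines (documentation IP ranges, hypothetical /benja path).
SAMPLE = [
    '203.0.113.5 - - [22/Jun/2008:10:00:01 +0000] "POST /benja/admin/upload.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [22/Jun/2008:10:00:09 +0000] "GET /benja/billeder/test.php HTTP/1.1" 200 40',
    '198.51.100.7 - - [22/Jun/2008:10:02:00 +0000] "GET /benja/admin/admin_new_submenu.php/%3Cb%3E HTTP/1.1" 200 900',
    '198.51.100.9 - - [22/Jun/2008:10:03:00 +0000] "GET /benja/billeder/logo.jpg HTTP/1.1" 200 2048',
]

if __name__ == '__main__':
    for idx, found in scan(SAMPLE).items():
        print(idx, found)
```

A matching mitigation is to require authentication for everything under admin/ and to disable script execution in billeder/ at the web-server level.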


##################################################################

  Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  

##################################################################

