API tools faq
paste
KingSkrupellos

F3-CMS FatFreeFramework 0.0.1 Database Disclosure

KingSkrupellos
Feb 13th, 2019
69
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.56 KB | None | 0 0
raw download clone embed print report
  1. ####################################################################
  2.  
  3. # Exploit Title : F3-CMS FatFreeFramework 0.0.1 Database Disclosure
  4. # Author [ Discovered By ] : KingSkrupellos
  5. # Team : Cyberizm Digital Security Army
  6. # Date : 14/02/2019
  7. # Vendor Homepage : f3cms.ca ~ fatfreeframework.com
  8. # Software Download Link : github.com/vijinho/f3-cms/archive/dev-master.zip
  9. # Software Information Link : github.com/vijinho/f3-cms
  10. github.com/vijinho/f3-cms/blob/dev-master/docs/DATABASE.md
  11. # Software Version : 0.0.1 and higher versions.
  12. # Tested On : Windows and Linux
  13. # Category : WebApps
  14. # Exploit Risk : Medium
  15. # Vulnerability Type : CWE-16 [ Configuration ] ~ CWE-200 [ Information Exposure ]
  16. # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
  17. # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
  18. # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
  19.  
  20. ####################################################################
  21.  
  22. # Description about Software :
  23. ***************************
  24. F3 CMS is a Content Management System.
  25.  
  26. The F3 CMS framework is a secure and robust, PHP-based coding platform.
  27.  
  28. ####################################################################
  29.  
  30. # Impact :
  31. ***********
  32. F3-CMS FatFreeFramework 0.0.1 and higher versions configuration file may potentially
  33.  
  34. disclose sensitive information to remote attackers.
  35.  
  36. The configuration file that F3-CMS FatFreeFramework 0.0.1 stored in folder /data/db/sql/.
  37.  
  38. HTTP requests consisting of a single character will cause the software to
  39.  
  40. disclose sensitive configuration information, including the password/database to the administrative web interface.
  41.  
  42. This file is installed, by default, with world readable and possibly world writeable permissions enabled.
  43.  
  44. This may have some potentially serious consequences as the configuration
  45.  
  46. file also stores password information in plain text.
  47.  
  48. This issue occurs because access controls on configuration files are not properly set.
  49.  
  50. An attacker can exploit this issue to retrieve potentially sensitive information.
  51.  
  52. Attackers can access config file via URL request. This may aid in further attacks.
  53.  
  54. ####################################################################
  55.  
  56. # Database Disclosure Exploit :
  57. **************************
  58. /data/db/sql/audit-archive.sql
  59.  
  60. /data/db/sql/create.sql
  61.  
  62. /data/db/sql/phinx.sql
  63.  
  64. ####################################################################
  65.  
  66. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
  67.  
  68. ####################################################################
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!