An Out-of-Date CMS is No Match for a Skilled Intruder
Conclusion
This article presents another great example of why you should keep your application versions up to date. I showed that you can take advantage of a bug in the application code to manipulate the underlying database. At worst, this technique allows me to obtain a valid username. At best, a clever exploit allows me to get a cracked password to use for SSH access. Once I have SSH access, it is just a matter of time before I escalate privileges to the root user. From there, it is game over.
I hope you have learned from this look at gaining access to a server. Successful attacks against even high-profile brands start in a similar way. You might be surprised at how badly some online services are set up when it comes to dealing with attacks. If you are running your own servers, stay vigilant.