Kentico CMS 7.0.75 - User Information Disclosure

EDB-ID: 32157
CVE:
Platform: ASP
Date: 2014-03-10

# Exploit Title: Kentico CMS User Enumeration Bug
# Google Dork: inurl:/CMSPages/logon.aspx <-- enumerates several Kentico CMS sites
# Date: 02-25-2014
# Exploit Author: Charlie Campbell and Lyndon Mendoza
# Vendor Homepage: http://www.kentico.com/
# Software Link: http://www.kentico.com/Download-Demo/Trial-Version
# Version: [Version 7.0.75 and previous versions]

The vulnerability is an unprotected page on the site that lets a visitor view
all current users and usernames.
To find out whether a Kentico CMS installation is vulnerable, go to

http://site.com/CMSModules/Messaging/CMSPages/PublicMessageUserSelector.aspx

assuming that Kentico CMS was installed to the root folder on the
server.

I have already notified the authors and security team for Kentico CMS; in
their response they claimed they would issue a patch on 02-21-2014.
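
For site owners who want to know whether the page named above has been served to unauthenticated visitors, the following is an added example (not part of the original advisory and not Kentico code) that scans IIS W3C logs for such requests. It assumes the log includes the `cs-username` field and that the server records the authenticated user name there; the log lines and addresses are constructed.

```python
from collections import Counter

# Path suffix taken from the advisory; matching on the suffix also covers
# installs that are not in the site root.
SUFFIX = "/cmsmodules/messaging/cmspages/publicmessageuserselector.aspx"

# Constructed sample in IIS W3C extended format (documentation-range addresses).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2014-03-11 09:14:02 GET /CMSPages/logon.aspx - - 198.51.100.7 200
2014-03-11 09:14:05 GET /CMSModules/Messaging/CMSPages/PublicMessageUserSelector.aspx - - 198.51.100.7 200
2014-03-11 09:14:09 GET /cms/cmsmodules/messaging/cmspages/publicmessageuserselector.aspx - - 203.0.113.20 200
2014-03-11 09:20:31 GET /CMSModules/Messaging/CMSPages/PublicMessageUserSelector.aspx - editor1 192.0.2.44 200
2014-03-11 09:25:40 GET /CMSModules/Messaging/CMSPages/PublicMessageUserSelector.aspx - - 203.0.113.20 302
"""


def anonymous_selector_hits(log_text):
    """Return log records where an unauthenticated client was served the page."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed record
        rec = dict(zip(fields, values))
        served = rec.get("sc-status") == "200"
        # Assumption: "-" in cs-username means no authenticated user.
        anonymous = rec.get("cs-username", "-") == "-"
        if served and anonymous and rec.get("cs-uri-stem", "").lower().endswith(SUFFIX):
            hits.append(rec)
    return hits


def hits_by_client(log_text):
    """Count anonymous hits per client IP."""
    return Counter(rec["c-ip"] for rec in anonymous_selector_hits(log_text))


if __name__ == "__main__":
    for ip, count in hits_by_client(SAMPLE_LOG).most_common():
        print(ip, count)
```

A 200 response to an anonymous client is the case to investigate; a redirect to the logon page (302) or a request carrying a user name is not counted.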