# Exploit Title: Multiple Vulnerability xEpan 1.0.4 # Google Dork: not yet # Date: 2014-11-27 # Exploit Author: Parikesit , Kurawa In Disorder # Vendor Homepage: http://xepan.org # Software Link: http://www.xepan.org/index.php?subpage=download # Version: 1.0.4 # Tested on: Windows 7 Ultimate # Vulnerability Type: File Upload # Risk Level: High # Solution Status: Not Fixed # Discovered and Provided: Kurawa In Disorder ( http://kurawa.indonesianbacktrack.or.id ) , Indonesian Backtrack Team ( http://indonesianbacktrack.or.id ) ----------------------------------------------------------------------------------------------- Advisory Details: xEpan have elfinder which can exploited to upload a backdoor 1.) vulnerable page : http://target/elfinder/elfinder.html Just upload your php backdoor and acess there http://target/elfinder/files/ 2.) leak database information : http://target/install.sql after installation the script not remove the .sql file it's can be danger 3.) important file , like ftp password stored in a public file : http://target/ftpsync.settings very danger , how to prevent just use a private privilages or delete the file 4.) weak password used : http://target/index.php?page=owner_dashboard admin:admin ... :o -----------------------------------------------------------------------------------------------