########################## www.BugReport.ir #######################################
#
#		AmnPardaz Security Research Team
#
# Title: Acidcat CMS Multiple Vulnerabilities. 
# Vendor: www.acidcat.com
# Vulnerable Version: 3.4.1
# Exploit: Available
# Impact: High
# Fix: N/A
###################################################################################

####################
1. Description:
####################
Acidcat CMS is a web site and simple Content Management System that can be administered via a web browser.

####################
2. Vulnerability:
####################
	2.1. There is a SQL Injection in "default.asp". By using it, attacker can gain usernames and encrypted passwords.
		2.1.1. POC:
				Check the exploit section.
	2.2. There is a logical vulnerability in which attacker can send email by the site without any permission.
		2.2.1. POC:
				Check the exploit section.
	2.3. There is a SQL Injection in "main_login2.asp". By using it, attacker can login to the site.
		2.3.1. POC:
				Check the exploit section.
	2.4. There is a XSS in "/admin/admin_colors_swatch.asp".
		2.4.1. POC:
				/admin/admin_colors_swatch.asp?field=value='';}alert('XSS');function(){myForm.myText
	2.5. There is a FckEditor which has no permission, and attacker can upload his/her file.
		2.5.1. POC:
				/admin/fckeditor/editor/filemanager/connectors/test.html
####################
3. Exploits:
####################

	Original Exploit URL: http://bugreport.ir/index.php?/36/exploit

####################
4. Solution:
####################
	Edit the source code to ensure that inputs are properly sanitized.
####################
- Credit :
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com