customcmsgp-shellxss.txt
Posted on 28 April 2010
PLz chk it

# Exploit Title: XSS and shell upload Vulnerability in CustomCMS Gaming Portal V.4.5.8.2
# Date: 25-apr-2010
# Author: Sid3^effects
# Software Link: N/a
# CVE : []
# Code : []

---------------------------------------------------------------------------
XSS and shell upload Vulnerability CustomCMS Gaming Portal V.4.5.8.2
Vendor: http://customcms.net/
------------------------------ Author: Sid3^effects ------------------------

What is Custom CMS Gaming?

Custom CMS Gaming is a Content Management System geared towards all Gamers that would like to maintain and create fully functional gaming sources. Whether you're interested in running your gaming site as a hobby or as a serious online venture, Custom CMS Gaming makes it easy for all users to create & manage the Gaming website they've always dreamed of.

PRICE : 55$
---------------------------------------------------------------------------

3xpl0it : XSS (cross site scripting)

XSS is found in the following link..

DEMO URL :
http://customcms.net/demo/sendtofriend.php?url=
---------------------------------------------------------------------------
Attack Pattern: '"-->
---------------------------------------------------------------------------

3xpl0it : Shell upload

You can upload shell once you get into admincp
* Rename the shell and upload with the extension .php.giff

GOTO http://site/images/uploads/misc/ur_shell.php.giff.php

ShoutZ :
-------
---Indian Cyber warriors--Andhra hackers--

Greetz :
--------
=--*L0rd ÇrusAdêr*---d4rk-blu™® [ICW]---R45C4L idi0th4ck3r---CR4C|< 008---M4n0j--Mayur--=
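
A defensive counterpart to the shell upload issue above, as an added example that is not part of the original advisory or of CustomCMS: the stored filename is built from the file's detected image type and a server-generated name, so a client-supplied name such as one ending in .php.giff never reaches the disk. The function names and the upload directory parameter are hypothetical.

```php
<?php
// Added example: hardened upload naming. Function names and paths are hypothetical.
const ALLOWED_IMAGE_TYPES = [
    IMAGETYPE_GIF  => 'gif',
    IMAGETYPE_JPEG => 'jpg',
    IMAGETYPE_PNG  => 'png',
];

// Decide the on-disk name from the file content alone. The client-supplied
// filename is never consulted. Returns null when the upload is rejected.
function stored_name_for_upload(string $tmpPath): ?string
{
    $info = @getimagesize($tmpPath); // false when the file is not a parseable image
    if ($info === false || !array_key_exists($info[2], ALLOWED_IMAGE_TYPES)) {
        return null;
    }
    // Random server-side base name plus exactly one extension from the allowlist.
    return bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$info[2]];
}

// Move an accepted upload into place ($file is one entry of $_FILES).
function store_upload(array $file, string $uploadDir): ?string
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return null;
    }
    $name = stored_name_for_upload($file['tmp_name']);
    if ($name === null || !move_uploaded_file($file['tmp_name'], "$uploadDir/$name")) {
        return null;
    }
    return $name;
}

// Constructed sample inputs for a CLI run: a 1x1 GIF and a harmless PHP script.
if (PHP_SAPI === 'cli') {
    $gif = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
    $script = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($script, "<?php echo 'constructed test file'; ?>");

    var_dump(stored_name_for_upload($gif));    // GIF content: random name with .gif
    var_dump(stored_name_for_upload($script)); // script content: rejected
    unlink($gif);
    unlink($script);
}
```

The content check alone does not stop an image that carries embedded code; what prevents execution is the fixed extension together with a web server configuration that does not run PHP from the upload directory.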