customcmsgpimage-shell.txt
Posted on 28 April 2010
# Exploit Title: Upload Vulnerability in CustomCMS Gaming Portal # Date: 26-apr-2010 # Author: Sid3^effects # Software Link: N/a # CVE : [] # Code : []          ------------------------------------------------------------------------                     Upload Vulnerability in CustomCMS Gaming Portal                            Vendor:http://customcms.net/          ----------------------Author:Sid3^effects-------------------------------  What is Custom CMS Gaming? Custom CMS Gaming is a Content Management System geared towards all Gamers that would like to maintain and create fully functional gaming sources. Whether you're interested in running your gaming site as a hobby or as a serious online venture, Custom CMS Gaming makes it easy for all users to create & manage the Gaming website they've always dreamed of. --------------------------------------------------------------------------------------------    * UPLOAD Vulnerability          The attacker can upload shell.         change your shell format to an image format              goto media where you can upload images  DEMO URL :   http://customcms.net/demo/admincp/?page=Media&op=Media   once uploaded check your evil script goto /images/uploads/gallery/[ur evil script]  DEMO URL :       http://customcms.net/demo/images/uploads/gallery/[ur evil script] ---------------------------------------------------------------------------    ShoutZ : -------                 ---Indian Cyber warriors--Andhra hackers-- Greetz : --------  =--*L0rd ÇrusAdêr*---d4rk-blu™® [ICW]---R45C4L idi0th4ck3r---CR4C|< 008---M4n0j--Mayur--=
