[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Goople Cms 1.7 Arbitrary Code Execution Vulnerability
# Published : 2008-11-24
# Author : x0r
# Previous Title : NetArtMedia Real Estate Portal 1.2 (ad_id) SQL Injection Vuln
# Next Title : VideoScript 3.0 <= 4.0.1.50 Official Shell Injection Exploit
-============================================-
Autore: x0r - Evolution Team
Msn: andry2000@hotmail.it
Cms: Goople Cms 1.7
Bug: Arbitrary File Creation
Download:
http://ovh.dl.sourceforge.net/sourceforge/gooplecms/GoopleCMS_1.7.rar
-============================================-
Exploit:
#Attack One
Logg yourself like a normal user then in your meno go on "Notepad" (
/win/notepad/index.php ), in this notepad you can make a php shell :P
#Attack Two
Use this js code for bypass the log in: javascript:document.cookie =
"loggedin=1; path=/"; <--- tnx BeyazKurt
And then go to /win/notepad/index.php
Greetz: Amore mio oggi sono 48 giorni...Ti AmO Da Impazzire... A + M....
Bimba Mia Sei La Mia Vita...
# www.Syue.com [2008-11-24]