Seditio CMS <= v121 (pfs.php) Remote File Upload Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Seditio CMS <= v121 (pfs.php) Remote File Upload Vulnerability
# Published : 2007-07-27
# Author : A.D.T
# Previous Title : PHP123 Top Sites (category.php cat) Remote SQL Injection Vuln
# Next Title : Adult Directory (cat_id) Remote SQL Injection Vulnerability

# Seditio CMS Remote File Upload Vulnerability

# ReSearcher : A.D.T

# Script : Seditio and Ldu Cms

# Version : All Versions

# Script HomePage : http://neocrome.net/

# Dork : "powered by seditio" or "powered by ldu"

# Risk : Very High!

# Usage : Firstly, you register the victim web site. After, go to "pfs.php" and upload your evil script!

# [+] Your Evil Script : evilscriptname.php.gif or evilscriptname.php.jpg or evilscriptname.php.png

# Contact : a.d.t-gizliadres@hotmail.com

# HomePage : http://err0rgroup.org/    

# We Are : A.D.T | LaqNéS | KeyStr0ke |Pcq0 | Dümenci | SaLuR | Z@rih | 0ssi3 | Sanal-Tehlike | Lnt

# ...and thanks str0ke

# www.Syue.com [2007-07-27]