Goople CMS 1.7 - Arbitrary Code Execution Vulnerability

ID EDB-ID:7210
Type exploitdb
Reporter x0r
Modified 2008-11-24T00:00:00


Goople Cms 1.7 Arbitrary Code Execution Vulnerability. CVE-2008-6118. Webapps exploit for php platform

Autore: x0r - Evolution Team
Cms: Goople Cms 1.7
Bug: Arbitrary File Creation


#Attack One

Logg yourself like a normal user then in your meno go on "Notepad" (
/win/notepad/index.php ), in this notepad you can make a php shell :P

#Attack Two

Use this js code for bypass the log in: javascript:document.cookie =
"loggedin=1; path=/"; <--- tnx BeyazKurt

And then go to /win/notepad/index.php

Greetz: Amore mio oggi sono 48 giorni...Ti AmO Da Impazzire... A + M....
Bimba Mia Sei La Mia Vita...

# [2008-11-24]