Lucene search
Sid3 effectsPACKETSTORM:88954HistoryApr 27, 2010 - 12:00 a.m.
CustomCMS Gaming Portal 4.5.8.2 Cross Site Scripting / Shell Upload
2010-04-2700:00:00
Sid3 effects
packetstormsecurity.com
21
`
PLz chk it
# Exploit Title: XSS and shell upload Vulnerability in CustomCMS Gaming Portal V.4.5.8.2
# Date: 25-apr-2010
# Author: Sid3^effects
# Software Link: N/a
# CVE : []
# Code : []
------------------------------------------------------------------------------------------------------------------
XSS and shell upload Vulnerability CustomCMS Gaming Portal V.4.5.8.2
Vendor:http://customcms.net/
------------------------------ Author:Sid3^effects-------------------------------------------------------
What is Custom CMS Gaming?
Custom CMS Gaming is a Content Management System geared towards all Gamers that would like
to maintain and create fully functional gaming sources. Whether you're interested in running
your gaming site as a hobby or as a serious online venture, Custom CMS Gaming makes it easy
for all users to create & manage the Gaming website they've always dreamed of.
PRICE : 55$
--------------------------------------------------------------------------------------------
3xpl0it : XSS (cross site scripting )
XSS is found in the following link..
DEMO URL :
http://customcms.net/demo/sendtofriend.php?url=
---------------------------------------------------------------------------
Attack Pattern: '"-->
---------------------------------------------------------------------------
3xpl0it : Shell upload
You can upload shell once you get into admincp
* Rename the shell and upload with the extension .php.giff
GOTO http://site/images/uploads/misc/ur_shell.php.giff.php
ShoutZ :
-------
---Indian Cyber warriors--Andhra hackers--
Greetz :
--------
=--*L0rd ÇrusAdêr*---d4rk-blu™® [ICW]---R45C4L idi0th4ck3r---CR4C|< 008---M4n0j--Mayur--=
`