CustomCMS Gaming Portal 4.5.8.2 Cross Site Scripting / Shell Upload

2010-04-27T00:00:00
ID PACKETSTORM:88954
Type packetstorm
Reporter Sid3 effects
Modified 2010-04-27T00:00:00

Description

                                        
                                            `  
  
PLz chk it   
  
# Exploit Title: XSS and shell upload Vulnerability in CustomCMS Gaming Portal V.4.5.8.2  
# Date: 25-apr-2010  
# Author: Sid3^effects  
# Software Link: N/a  
# CVE : []  
# Code : []  
  
------------------------------------------------------------------------------------------------------------------  
XSS and shell upload Vulnerability CustomCMS Gaming Portal V.4.5.8.2  
Vendor:http://customcms.net/  
------------------------------ Author:Sid3^effects-------------------------------------------------------  
  
  
  
  
What is Custom CMS Gaming?  
  
Custom CMS Gaming is a Content Management System geared towards all Gamers that would like   
  
to maintain and create fully functional gaming sources. Whether you're interested in running   
  
your gaming site as a hobby or as a serious online venture, Custom CMS Gaming makes it easy   
  
for all users to create & manage the Gaming website they've always dreamed of.   
  
PRICE : 55$   
--------------------------------------------------------------------------------------------  
  
3xpl0it : XSS (cross site scripting )   
  
XSS is found in the following link..  
  
DEMO URL :  
http://customcms.net/demo/sendtofriend.php?url=  
---------------------------------------------------------------------------  
  
Attack Pattern: '"-->   
  
---------------------------------------------------------------------------  
  
3xpl0it : Shell upload   
  
You can upload shell once you get into admincp   
  
* Rename the shell and upload with the extension .php.giff  
  
GOTO http://site/images/uploads/misc/ur_shell.php.giff.php  
  
  
  
ShoutZ :  
-------   
---Indian Cyber warriors--Andhra hackers--   
  
Greetz :  
--------  
=--*L0rd ÇrusAdêr*---d4rk-blu™® [ICW]---R45C4L idi0th4ck3r---CR4C|< 008---M4n0j--Mayur--=  
  
  
  
  
  
  
`