BugTraq
Easy CMS 0.1.2 Php Shell Upload Vulnerabilities Jun 18 2006 03:41PM
liz0 bsdmail com
Easy CMS 0.1.2 Php Shell Upload Vulnerabilities

----------------------------------------------------

site:http://sourceforge.net/projects/php-easy-cms/

demo:http://www.easy-cms.be/

--------------------------------------------------

Bug:

1)http://victim/choose_file.php

Documents

Images

Scripts

Styles

Templates

Add a directory

Add a file

2)click add a file

and upload shell.php.gif

http://victim/Repositories/shell.php.gif

Example bug video download here http://biyosecurity.be/video/easycms.rar

----------------------------------------------------------

Credit:Liz0ziM

Mail:liz0 (at) bsdmail (dot) com [email concealed]

Site:www.biyo.tk,www.biyosecurity.be

---------------------------------------------------------------

Source:

http://biyosecurity.be/bugs/easycms.txt

http://www.blogcu.com/Liz0ziM/719389/

http://liz0zim.no-ip.org/easycms.txt

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus