Subdreamer Pro 3.0.4 - CMS Upload

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1060575 漏洞类型
发布时间 2010-06-28 更新时间 2010-06-28
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Multiple CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/14101
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
__________         __    __                              .__ 
\\\\______   \\\\_____ _/  |__/  |_  ____  __ __  ___________  |__|
 |    |  _/\\\\__  \\\\\\\\   __\\\\   __\\\\/  _ \\\\|  |  \\\\/  ___/\\\\__  \\\\ |  |
 |    |   \\\\ / __ \\\\|  |  |  | (  <_> )  |  /\\\\___ \\\\  / __ \\\\|  |
 |______  /(____  /__|  |__|  \\\\____/|____//____  >(____  /__|
        \\\\/      \\\\/                             \\\\/      \\\\/   

######################################################
# Exploit Title: Subdreamer Pro v3.0.4 CMS upload Vulnerability
# Author: Battousai
# Home: http://hack.pro.mk & https://ssteam.ws
# Software Link:N/A
# Version: v3.0.4
# Tested on: Windows XP SP3, Linux Ubuntu 10.04
# CVE : N/A
#Dork: \\\"Website powered by Subdreamer CMS & Sequel Theme Designed by indiqo.media\\\"
######################################################


Exploit:

1. Register your account at: http://127.0.0.1/index.php?categoryid=4

2. After registring point your browser at: http://127.0.0.1/index.php?categoryid=2&p17_sectionid=2&p17_action=submitimage (and upload is complete)



######################################################
# Greetz to: SilenceD, Zer0Flag, Evilb4st4rd, internet
# KingPin, s3th, packetdeath, Horadrim, AnnexxEmpire
# sM10, 599eme Man, Xylitol, __KiNG, 777, sp1r1t
# d3v1l, AlphaDog, n3d
# and every living person at:
# http://hack.pro.mk & https://ssteam.ws
######################################################