Kaboozu CMS x.x.x - Remote Shell Upload Vulnerability (0day)
- [+] Discovered by: KnocKout
- [~] Contact : knockout@e-mail.com.tr
- [~] HomePage : http://h4x0resec.blogspot.com - http://milw00rm.com
- [~] Greetz: BARCOD3, ZoRLu, b3mb4m, _UnDeRTaKeR_, Septemb0x, KedAns-Dz, Turksec( TurkGuvenligi )
- ############################################################
- ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- |~Web App. : Kaboozu CMS
- |~Affected Version : 6.0.0 and all version
- |~Official : http://www.kaboozu.dk/
- |~RISK : High
- |~DORK : N/A
- |~Tested On : [L] Kali Linux [R]
- ########################################################
- Tested on;
- www.klimadan.dk
- www.mormorshjem.dk
- www.promidt.dk
- www.oh-industri.dk
- www.ungherning.dk
- www.isenvad-badminton-klub.dk
- www.stensbjerg-totalbyg.dk
- www.baboonwire.com
- www.www.ankerhost.dk
- www.birk-ikast.dk
- www.deviso.dk
- www.dovista.com
- www.oen.dk
- www.mea-cor.dk
- ----------------------------------------------------------
- INFO
- -------------------------------------------------------
- Step1: Go to Target: [URL]/kaboozu/tools/kcfinder/browse.php?type=media
- Step2: Go to the "Banner" directory
- (You can install malicious code. CoDer jerks are just "php" They put filters,
- Something happens that they forget PHP5 supports most Linux servers
- the name of the shell file if you do it this way this would be easily upload ".php5" )
- Step3 : sample file name for bypass "h4x0re.jpeg.php5" and it upload !
- Step4 : the uploaded file on the server will be here
- [URL]/custom/media/Banner/h4x0re.jpg.php5
- ----------------------------------------------------------
Hiç yorum yok:
Yorum Gönder